acp // single static Go binary · zero dependencies

Credentials your agents never hold.

acp is a local credential proxy for AI agents. It strips any auth header the agent sends and injects the real, team-managed credential from an encrypted store — right before the request goes upstream. The agent never sees the secret. Setup is two commands.

install — one line
$ curl -fsSL https://agent-cred-proxy.vikrantpogula.com/install.sh | sh

macOS & Linux use the shell one-liner; Windows uses PowerShell (irm). Checksums verified automatically. Prefer a binary? Manual downloads below.

Why acp

Agents call many APIs. They should hold none of the keys.

A long-lived token doesn't leak from one place. It gets written into .env files and config under ~/.config, echoed into shell history and curl commands, splashed across logs — and pasted straight into the model's context window. acp empties every one of those places at once, because the agent never holds the credential at all.

token leak surface: nothing to steal
  • .env: never written
  • ~/.config/*.toml: never stored
  • ~/.bash_history: never typed
  • curl -H 'Authorization: …': never pasted
  • agent.log: never logged
  • context window: never seen

Shrink the blast radius

A compromised agent yields nothing worth stealing. It only ever talked to a local socket and never held a credential — exfiltrate everything, leave with nothing.

Rotate centrally

Change a credential once, in one place. Every proxy picks it up on its next request — no agent restarts, no config edits, no redeploys.

Team-managed

Personal secrets and shared team secrets, envelope-encrypted at rest in SQLite. OAuth2 tokens auto-refresh in memory.

How it works

A proxy in the request path, not a vault in the agent.

Point your agent's HTTPS_PROXY at acp. Everything else is transparent.

agent ──HTTP(S)_PROXY──▶  acp  ──▶  upstream API

                           ├─ strip client-supplied Authorization
                           ├─ inject the real token from the encrypted store
                           └─ refresh OAuth2 tokens in memory before they expire

  • Forward & reverse: Standard HTTP(S)_PROXY interception via a local CA, plus named reverse-proxy routes.
  • Encrypted at rest: Credentials live in an envelope-encrypted SQLite store, never in agent config.
  • One binary: Pure-Go, fully static. No runtime, no system dependencies, no container required.
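
The strip-and-inject step from the diagram above, sketched as a reverse-proxy route built on Go's net/http/httputil. This is an added example, not acp's own code; the extra header names, the in-memory token map standing in for the encrypted store, the Bearer scheme, the host acp.local and all function names are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// Only Authorization is named on the page; the other two are assumptions.
var clientAuth = []string{"Authorization", "Proxy-Authorization", "X-Api-Key"}

// injectCredential drops agent-sent auth, then sets the stored token if a rule matches host.
func injectCredential(r *http.Request, host string, tokens map[string]string) bool {
	for _, h := range clientAuth {
		r.Header.Del(h)
	}
	tok, ok := tokens[host] // plain map stands in for the encrypted store (assumption)
	if ok {
		r.Header.Set("Authorization", "Bearer "+tok) // Bearer scheme assumed
	}
	return ok
}

// newRoute is a hypothetical reverse-proxy route to upstream that rewrites auth.
func newRoute(upstream *url.URL, tokens map[string]string) *httputil.ReverseProxy {
	return &httputil.ReverseProxy{Director: func(r *http.Request) {
		r.URL.Scheme, r.URL.Host, r.Host = upstream.Scheme, upstream.Host, upstream.Host
		injectCredential(r, upstream.Hostname(), tokens)
	}}
}

// seenUpstream returns the Authorization value a stub upstream receives via the route.
func seenUpstream(agentAuth, stored string) string {
	up := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, r.Header.Get("Authorization")) // stub echoes what it was sent
	}))
	defer up.Close()
	u, _ := url.Parse(up.URL)
	req := httptest.NewRequest("GET", "http://acp.local/user", nil)
	req.Header.Set("Authorization", agentAuth) // what the agent tried to send
	rec := httptest.NewRecorder()
	newRoute(u, map[string]string{u.Hostname(): stored}).ServeHTTP(rec, req)
	return rec.Body.String()
}

func main() {
	fmt.Println(seenUpstream("Bearer agent-guess", "constructed-token"))
}
```

In this sketch a host with no matching rule still has its client auth headers removed and is forwarded with no credential; how acp treats unmatched hosts is not stated on the page.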

Quick start

Two commands. That's the whole setup.

After the one-line install, one command opens the setup UI and one command runs the proxy. From zero to a credential-free agent in under a minute.

Install

One line; checksums verified automatically.

$ curl -fsSL https://agent-cred-proxy.vikrantpogula.com/install.sh | sh

Configure

Opens a terminal UI to add a credential and the rule that routes a host's traffic to it. Everything is written to ~/.acp/.

$ acp configure

Run the proxy

Logs stream to your terminal; Ctrl-C stops it. Prefer it in the background? acp start --daemon, then acp logs -f and acp stop.

$ acp start

Point the agent at it

No token anywhere in the agent's environment.

$ HTTPS_PROXY=http://127.0.0.1:8080 \
    CURL_CA_BUNDLE=~/.acp/ca/ca-cert.pem \
    curl https://api.github.com/user
# → upstream gets the real token; the agent held nothing

Scripting it? acp add does what the UI does in one line, and @- keeps the token out of your shell history:

$ echo "$TOKEN" | acp add github --host api.github.com --token @-

Downloads

Latest release, every platform.

Every download is a single static binary — no runtime, no dependencies. Pick your OS, click your architecture.

View the installer source: install.sh (macOS & Linux) · install.ps1 (Windows) · all checksums: checksums.txt

Verify a download: shasum -a 256 -c <(curl -fsSL https://agent-cred-proxy.vikrantpogula.com/dl/acp-darwin-arm64.sha256)