I built a tool to stop AI coding agents from leaking my secrets (github.com)

🤖 AI Summary
Veil is a new tool that keeps API keys and other secrets from being exposed to AI coding agents during development. .gitignore has historically kept secrets from being committed to version control; Veil addresses the gap at the AI boundary, so that agents like Claude Code or Cursor never access real credentials. It relocates Bearer tokens from .env files to the OS keychain and substitutes placeholder values in their place. As requests are made, Veil injects the actual tokens through a local HTTPS proxy and logs the agent's actions to maintain oversight. For developers working with AI tools this is an extra layer of security, mitigating the risk of unintentional leaks from agents that might read the project's secrets. Veil is designed to work with any HTTP client and needs no modifications on the agent's side.

Veil is still in pre-1.0 development and not intended for production use. It complements existing secrets management solutions, which operate within the application runtime, by focusing on safeguarding secrets from a potentially curious AI agent.
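The flow described above, as an added Python example that is not Veil's code: secrets leave the .env text, placeholders stay behind, and the proxy-side step swaps the placeholder for the real Bearer token while logging the request. The placeholder format, the function names and the in-memory dict standing in for the OS keychain are assumptions.

```python
import re
import secrets

# Assumption: an in-memory dict stands in for the OS keychain.
KEYCHAIN = {}
AUDIT_LOG = []

# Hypothetical placeholder format; the page does not describe the real one.
PLACEHOLDER = re.compile(r"placeholder-[0-9a-f]{16}")

# Constructed sample .env content (not a real credential).
SAMPLE_ENV = "API_BASE=https://api.example.test\nAPI_TOKEN=constructed-secret-123"


def relocate_env(env_text, secret_keys):
    """Move the values of secret_keys into KEYCHAIN; return the scrubbed text."""
    out = []
    for line in env_text.splitlines():
        key, sep, value = line.partition("=")
        value = value.strip()
        # Skip values that are already placeholders so a second run is a no-op.
        if sep and key.strip() in secret_keys and not PLACEHOLDER.fullmatch(value):
            placeholder = "placeholder-" + secrets.token_hex(8)
            KEYCHAIN[placeholder] = value
            line = f"{key}={placeholder}"
        out.append(line)
    return "\n".join(out)


def inject(method, url, headers):
    """Proxy-side step: replace a placeholder Bearer token and log the request."""
    headers = dict(headers)  # do not mutate the caller's headers
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    injected = False
    if scheme.lower() == "bearer" and token in KEYCHAIN:
        headers["Authorization"] = "Bearer " + KEYCHAIN[token]
        injected = True
    # Record what the agent requested, never the real token.
    AUDIT_LOG.append({"method": method, "url": url, "injected": injected})
    return headers


if __name__ == "__main__":
    scrubbed = relocate_env(SAMPLE_ENV, {"API_TOKEN"})
    print(scrubbed)  # this is all the agent can read from the file
    token = scrubbed.splitlines()[1].split("=", 1)[1]
    inject("GET", "https://api.example.test/v1", {"Authorization": "Bearer " + token})
    print(AUDIT_LOG)
```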