Ask HN: What are the best practices for protecting secrets on a local machine that runs agents?
When building with autonomous / semi-autonomous agents, they often need broad local access: env vars, files, CLIs, browsers, API keys, etc. This makes the usual assumption — “the local machine is safe and untampered” — feel shaky.

We already use password managers, OAuth, scoped keys, and sandboxing, but agents introduce new risks: prompt injection, tool misuse, unexpected action chains, and secrets leaking via logs or model context. Giving agents enough permission to be useful seems at odds with least-privilege.

I haven’t seen much discussion on this. How are people thinking about secret management and trust boundaries on dev machines in the agent era? What patterns actually work in practice?
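One concrete mitigation for the "secrets leaking via logs or model context" risk the post raises is to put a scrubbing step between every tool call and the model: known credential values from the environment, plus common token shapes, are redacted before output reaches the agent. This is an added example, not code from the post or from any product it mentions; the pattern list, the name heuristic and the function names are constructed for illustration.

```python
import os
import re

# Shapes of common credentials (constructed list for this example; extend as needed).
TOKEN_PATTERNS = [
    re.compile(r"sk-[A-Za-z0-9]{20,}"),           # OpenAI-style API key
    re.compile(r"ghp_[A-Za-z0-9]{36}"),            # GitHub personal access token
    re.compile(r"AKIA[0-9A-Z]{16}"),               # AWS access key id
    re.compile(r"Bearer\s+[A-Za-z0-9._\-]{20,}"),  # HTTP bearer token
]
# Env var names that usually hold credentials (heuristic, constructed).
SECRET_NAME_HINT = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD|PASSWD)", re.I)


def known_secret_values(env, min_len=12):
    """Return {value: var_name} for env vars whose name suggests a credential.
    Very short values are skipped so that e.g. KEY=1 does not redact every '1'."""
    return {v: k for k, v in env.items()
            if SECRET_NAME_HINT.search(k) and len(v) >= min_len}


def scrub(text, env=None):
    """Redact known secret values and secret-shaped tokens from text.
    Returns (redacted_text, number_of_redactions)."""
    env = os.environ if env is None else env
    count = 0
    # Longest values first, so a secret that contains a shorter one is replaced whole.
    for value, name in sorted(known_secret_values(env).items(), key=lambda kv: -len(kv[0])):
        if value in text:
            count += text.count(value)
            text = text.replace(value, f"[REDACTED:{name}]")
    for pat in TOKEN_PATTERNS:  # catch credentials that were never in the environment
        text, n = pat.subn("[REDACTED:token]", text)
        count += n
    return text, count


def run_tool_for_agent(tool, *args, env=None):
    """Run a tool and hand the agent only the scrubbed output, so a prompt-injected
    'print the config file' or a chatty CLI cannot push raw credentials into model context."""
    return scrub(str(tool(*args)), env=env)


if __name__ == "__main__":
    # Constructed sample environment and tool output; no real credentials.
    sample_env = {"OPENAI_API_KEY": "sk-" + "a" * 24, "HOME": "/home/dev",
                  "DB_PASSWORD": "hunter2hunter2hunter2"}
    fake_cat = lambda path: f"# {path}\nkey=sk-{'a' * 24}\npw=hunter2hunter2hunter2\npat=ghp_{'x' * 36}\n"
    print(run_tool_for_agent(fake_cat, "/home/dev/.env", env=sample_env))
```

The scrubber is a last line of defence, not a substitute for scoped, short-lived credentials; it catches the leak paths the post names (logs and model context) only for values it knows or can recognise by shape.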