alt Hacker NewsIn the context of traditional SaaS, using dynamic secrets loaded at runtime (KMS+Dynamo, etc.).
For agentic tools and pure agents, a proxy is the safest approach. The agent can even think it has a real API key, but said key is worthless outside of the proxy setting.
These are from AWS right, what about simple, no cloud setups with just docker compose or even bare proccesses on a VPS?