Hacker News

TheTaytay, today at 3:55 AM (4 replies)

I keep getting hung up on securely storing and using secrets with CLI vs MCP. With MCP, you can run the server before you run the agent, so the agent never even has the keys in its environment. That way, if the agent decides to install the wrong npm package that auto-dumps every secret it can find, you are less likely to have it sitting around. I haven’t figured out a good way to guarantee that with CLIs.


Replies

Aperocky, today at 4:11 AM

A CLI can just be an RPC call to a daemon; the exact same pattern applies. In fact my most important CLI-based skills are like this... a CLI by itself is limited in usefulness.

usrbinbash, today at 7:15 AM

And in a skill, I can store the secret in the skill itself, or a secure storage the skill accesses, and the agent never gets to see the secret.

Sure, if I want my agents to use naked curl on the CLI, they need to know secrets. But that's not how I build my tools.

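The "CLI is just an RPC call to a daemon" pattern from Aperocky's reply and the "skill holds the secret, agent never sees it" pattern from usrbinbash's reply, written out as one added Python example (this is my illustration, not code from either commenter or from any MCP project). A broker process owns the key and serves an allow-list of actions over a Unix socket with 0600 permissions; the CLI the agent invokes sends only an action name plus arguments and receives the result, so neither the CLI process nor the agent's environment ever holds the key. The key name `example-api`, the secret value and the "upstream" call (simulated here as HMAC-signing the request) are all constructed for the example.

```python
"""Secret broker: a daemon holds the API key; the agent-facing CLI only asks it to act."""
import hashlib
import hmac
import json
import os
import socket
import socketserver
import tempfile
import threading
from typing import Optional

# Constructed example secret. A real broker would load this from a keychain or secret store
# at startup, before the agent process is launched.
SECRET_STORE = {"example-api": "sk-CONSTRUCTED-EXAMPLE-SECRET-0000"}


def _sign_request(key_name: str, payload: dict) -> dict:
    """Simulated upstream call (hypothetical API): sign the request with the stored key.
    Only the request and its signature leave the daemon, never the key itself."""
    key = SECRET_STORE[key_name].encode()
    body = json.dumps(payload, sort_keys=True).encode()
    return {"ok": True, "request": payload,
            "signature": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_signature(reply: dict, key_name: str = "example-api") -> bool:
    """What the upstream service would do: recompute the HMAC over the request."""
    body = json.dumps(reply["request"], sort_keys=True).encode()
    expected = hmac.new(SECRET_STORE[key_name].encode(), body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, reply["signature"])


# Allow-list: the agent can name an action, never a key or a raw request.
ACTIONS = {
    "get_balance": lambda args: _sign_request("example-api", {"op": "balance", **args}),
}


def handle_request(raw: bytes) -> bytes:
    """Daemon-side dispatch: parse, allow-list, act, and scrub the reply."""
    try:
        req = json.loads(raw)
        action = ACTIONS[req["action"]]
        args = req.get("args", {})
        if not isinstance(args, dict):
            raise TypeError("args must be an object")
    except (ValueError, KeyError, TypeError):
        return json.dumps({"ok": False, "error": "unknown or malformed action"}).encode()
    reply = json.dumps(action(args))
    # Defence in depth: never emit a reply that contains any stored secret value.
    if any(secret in reply for secret in SECRET_STORE.values()):
        reply = json.dumps({"ok": False, "error": "reply would leak a secret"})
    return reply.encode()


class _Handler(socketserver.StreamRequestHandler):
    def handle(self):
        self.wfile.write(handle_request(self.rfile.readline()) + b"\n")


class SecretBroker:
    """Runs the daemon on a Unix socket reachable only by the owning user (mode 0600)."""

    def __init__(self):
        self.path = os.path.join(tempfile.mkdtemp(), "broker.sock")
        self.server = socketserver.ThreadingUnixStreamServer(self.path, _Handler)
        self.server.daemon_threads = True
        os.chmod(self.path, 0o600)
        threading.Thread(target=self.server.serve_forever, daemon=True).start()

    def close(self):
        self.server.shutdown()
        self.server.server_close()


def cli_call(sock_path: str, action: str, args: Optional[dict] = None) -> dict:
    """The whole agent-invoked CLI: one RPC, no secret in its process or environment."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(json.dumps({"action": action, "args": args or {}}).encode() + b"\n")
        data = b""
        while not data.endswith(b"\n"):
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return json.loads(data)


def secret_visible_to_agent(env: dict) -> bool:
    """Audit check: does the environment the agent inherits contain any stored secret value?"""
    return any(secret in env.values() for secret in SECRET_STORE.values())


if __name__ == "__main__":
    broker = SecretBroker()
    try:
        print(cli_call(broker.path, "get_balance", {"account": "acct-123"}))
        print(cli_call(broker.path, "dump_secrets"))  # not on the allow-list
        print("secret in agent env:", secret_visible_to_agent(dict(os.environ)))
    finally:
        broker.close()
```

Two properties matter here and both are checkable rather than assumed. First, `secret_visible_to_agent` can be run against the environment the agent is actually started with, which is the check the top comment is asking for: if the broker is started first and the agent second, the agent's `os.environ` should contain no key material, and a package that dumps the environment finds nothing. Second, the allow-list bounds what a process that can reach the socket is able to do; it can request `get_balance`, not "give me the key", and the reply scrub refuses to forward any response that happens to echo a stored value.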
seriousmountain, today at 8:57 AM

[dead]

pavelbuild, today at 9:27 AM

[dead]