Developer Tools●Mid
Keynest – a simple offline secrets manager
Encrypted .env replacement, but pass and sops already cover this.
Ship ItCozy
capydev42
102mo ago
Back to browse
GitHub Repository
Yubikey-backed password store with token swap semantics to prevent passwords leaking to command line history or AI agents.
3 starsC#
Tswap–Yubikey-backed secret injection for IaC and AI-assisted workflows
by stevedcc·Feb 27, 2026·1 point·0 comments
AI Analysis
●●●BangerBig BrainSolve My ProblemZero to One
AI agents deploy without ever seeing passwords—hardwarebacked XOR-split YubiKey redundancy, sudo-enforced privilege boundary.
Strengths
- •Privilege boundary is genuinely clever: AI can run/deploy without sudo, can't read/delete secrets without it. Real threat model.
- •XOR key reconstruction solves actual YubiKey cold-storage problem—one key in safe, one daily-carry, both unlock independently.
- •Pipe-compatible YAML substitution (comments keep files valid) integrates naturally into Helm/kubectl workflows without wrapper overhead.
Weaknesses
- •Early-stage (.NET, platform-specific builds required). Maturity and Windows support are incomplete; no package managers yet.
- •Threat model assumes AI agent doesn't have sudo access—true in some setups, but doesn't protect against compromised container runtime or lateral movement.
Category
Target Audience
DevOps engineers and platform teams running AI-assisted infrastructure management (Claude Code, Copilot in Kubernetes/Helm workflows)
Similar To
HashiCorp Vault · SOPS (Secrets Operations) · Sealed Secrets
Post Description
I built tswap after noticing that Claude Code, while genuinely useful for managing a Kubernetes cluster, was pulling plaintext secrets from every manifest it touched. I wanted the AI to be able to do its job without ever seeing the actual values.
tswap keeps secrets in an AES-encrypted vault file on disk. The decryption key is derived from a YubiKey via HMAC challenge-response. At init you pair two YubiKeys — either unlocks the vault, so you have no single point of hardware failure.
Config files use a comment-based placeholder that keeps them valid YAML:
stringData: DB_PASSWORD: # tswap: db-password
Deployment is a pipe:tswap apply values.yaml | helm upgrade myapp ./chart -f -
The privilege split is the key design decision: `apply`, `run`, and `check` need no elevation (AI agent gets these). `get`, `list`, `delete`, and `export` require sudo/admin (human gets these). The AI can deploy; it can't read or enumerate secrets.Other features: burn tracking for rotation, `redact` for stripping values from logs, `check` for pre-deploy validation, `export`/`import` for vault migration.
Single binary, no daemon. Tested on Linux, macOS, and Windows.
Similar Projects
Developer Tools●●Solid
A modern Git based age-encrypted secrets manager for teams
Temporary decryption with ctg run deletes plaintext after command, unlike sops or git-crypt.
Solve My ProblemCozy
sayanarijit
211mo ago
Developer Tools●●Solid
Sigyn – OSS native macOS secrets manager to replace .env (GUI+CLI)
Touch ID auth and Keychain integration beat 1Password's env tool on local-first workflow.
SlickSolve My Problem
conguy
223mo ago
Security●●Solid
Keypo – Secure Enclave encrypted secrets for AI coding agents
Secure Enclave vault exec beats .env files for AI agent secret injection.
SlickNiche Gem
dhblumenfeld1
512mo ago
Security●●Solid
Agent-password – a local macOS password manager for agent workflows
Human-in-the-loop secret approval for AI agents beats giving them full 1Password access.
Niche GemBig BrainShip It
tartavull
502mo ago
Security●●●Banger
My agents are building a secure fork of OpenClaw
AI agents get credentials without ever seeing them—SQL prepared statements for secrets.
Zero to OneBig BrainWizardry
stcredzero
904mo ago