一些密钥管理应该在你的HTTP代理中。

一些密钥管理应该在你的HTTP代理中。
Some secret management belongs in your HTTP proxy

原始链接: https://blog.exe.dev/http-proxy-secrets

密钥管理是一个日益增长的挑战，尤其是在人工智能代理兴起的情况下。虽然大型组织可以使用集中式密钥管理服务，但它们会增加运营复杂性。小型团队通常依赖 API 密钥，这本身就存在风险——容易泄露，有时会被敏感模型拒绝，并且即使在撤销后也容易被滥用。核心问题并非针对代理*才出现*；API 密钥本身就过于强大。更好的方法是避免直接存储密钥。作者建议使用 HTTP 代理将密钥作为头部注入，从而有效地将密钥从配置文件和代码中移除。这适用于许多 API，例如 Stripe，通过内部服务管理密钥来路由请求。 exe.dev 通过提供“集成”来简化此过程——通过标签分配的云端管理的 HTTP 代理，自动应用于虚拟机。对于 GitHub 等服务，他们构建了一个专门的应用程序来处理 OAuth，从而消除了手动密钥轮换。这种方法以相对简单的形式提供了显著的安全价值，将密钥管理的负担转移到云提供商。

对不起。

原文

Secrets management is a pain.

Larger organizations commit to centralizing secrets management in a service. When done well, these services solve a lot of issues around secrets, at the cost of creating a lot of ops overhead (which is why they are limited to larger organizations) and engineering complexity. Smaller organizations have, until now, lived with the pain. But the pain has become far more significant with agents.

Agents fuss when you directly hand them an API key. It usually works, and if you make it a rapidly revocable key that you disable after the session, you mitigate the risks. But some models (you know which ones) freak out on seeing the secret, and refuse to do anything now that the key is “exposed.” Models that are not so ridiculous about API keys will write the key to inter-session memory, pulling it out in another session and burning precious context window trying to use a revoked key. All of which assumes you go to the effort of constantly generating keys.

Like so many problems getting attention right now, this looks like a problem created by agents. But the problem was always there. API keys are convenient but too powerful. Holding one does not just grant you the ability to make API calls, it grants you the power to give others the ability to make API calls (by sending them the key). No software I write in production that has an /etc/defaults file full of env vars containing API keys needs that power. We have always just been careful about how we write programs to not exfil keys. Never careful enough, because many security flaws in such an app now let the attacker walk off the keys and give them a window to do nastiness from wherever they like, until we realize and start manually rotating them.

Attempts to automate key rotation to close this hole have mixed success. Our industry does use OAuth in some places, and sometimes OAuth is configured to rotate keys. But services still ship API keys, because they are easy for users. (OAuth, while simple in theory, is always painfully complex to use.) Some services give us the worst of all worlds, like GitHub encouraging personal access tokens with 90-day expiry windows. Just long enough for you to forget about them and your internal service to break mysteriously while you are on vacation.

Inter-server OAuth as commonly practiced today also does not help with agents, as creation is usually designed to have some human intervention via a web browser cookie in a way deliberately designed to be hard to automate. I do not think I have ever used a service that gave me an OAUTH_CLIENT_SECRET via an API. So it’s fine (if complex and painful) for traditional services, but your agent is not doing that.

So in practice, what can we do today to solve this?

We can use an HTTP proxy that injects headers.

Many secrets are HTTP headers

Many APIs talk HTTP. They usually ship an HTTP header, either a basic auth header or their own. Here is, for example, Stripe’s:

curl https://api.stripe.com/v1/customers \
  -u "sk_test_BQokikJOvBiI2HlWgH4olfQ2:" \
  -d "name=Jenny Rosen" \
  --data-urlencode "[email protected]"

So instead of an /etc/defaults file with your sk_test key, if you have an HTTP proxy managing secrets you can do this:

curl https://stripe.int.exe.xyz/v1/customers \
  -d "name=Jenny Rosen" \
  --data-urlencode "[email protected]"

Where the server in the URL has been changed to another internal service you run. And the key has been removed! What grants your server, and your agents, the ability to use the secret is their ability to reach your secrets HTTP proxy.

This covers, amazingly, almost all secrets.

A proxy like this is part of machinery provided by complex secrets management products. What is interesting is that it is one of the easier parts of secrets management, and delivers a large amount of the value.

Integrations in exe.dev

The final piece of the puzzle is: why do you need to write and manage an HTTP proxy? Your cloud should do it for you. So we built Integrations into exe.dev to do this. Assign an integration to a tag, tag the VMs you want to have access, done. Clone your VM, you get a fresh space to work with agents and your integrations are automatically present.

A screenshot of setting up an HTTP integration in exe.dev

For GitHub, we did something special, and built a GitHub App to manage the OAuth for you. No need for manual rotation of keys. We intend to build a lot more integrations soon.