Agent Vault launches HTTP credential proxy for Claude Code, OpenClaw, and MCP tools

• Infisical launched Agent Vault as an open-source "HTTP credential proxy and vault" that lets agents call external services without directly reading secrets, according to the launch thread.
• The launch is aimed at agent runtimes and tools such as Claude Code, OpenClaw, and MCP-based workflows; Infisical says the proxy can sit in front of API, CLI, SDK, and MCP access paths launch thread CLI demo.
• Infisical's announcement frames the design around a separate credential broker beside the agent, with room to inspect proxied requests and later apply firewall-style restrictions at the proxy layer.
• A rough "proposal" flow is already included: instead of preloading credentials into a vault, the agent can request a credential from a human, as described in the follow-up thread.

Infisical's launch narrows the problem to one question: how an agent reaches external services "without them reading any secrets," as the launch thread puts it. The answer is a proxy layer that attaches credentials outside the agent runtime, so the model or tool caller only makes the request.

• The proxy model covers multiple access patterns: APIs, CLIs, SDKs, and MCP servers, per the launch thread.
• Infisical says the broker can run "beside each agent" as a service, sidecar, or egress layer, which keeps secret storage separate from the agent process launch thread.
• The repo is open source through the GitHub project, and the CLI flow is minimal enough to demo as agent-vault run -- claude, according to the CLI post.

The follow-up detail is the "proposal" mechanism. Instead of manually adding a credential first, the agent can ask a human for one when it needs access, though Infisical says that part is still "a bit rough" and the immediate priority is broad integration across agentic use cases the follow-up thread. Matt Rickard's supporting take adds the operational framing: scope secrets to "domain AND function," expose endpoints instead of raw secrets, and attach policy at the proxy layer per agent, session, or command.