AI Primer

Keycard launches task-scoped credentials for coding agents

Keycard released an execution-time identity layer for coding agents, issuing short-lived credentials tied to user, agent, runtime, and task. It targets the gap between noisy permission prompts and unsafe skip-permissions workflows.


TL;DR

  • Keycard launched an identity layer for coding agents that issues short-lived credentials tied to four attributes — user, agent, runtime, and task — instead of reusing a developer’s full standing access, according to the launch thread.
  • The product is aimed at the gap between noisy approval flows and unsafe bypasses: Keycard’s announcement post argues that repeated "Allow" prompts create "friction dressed up as governance," while the follow-up thread says sensitive operations can trigger step-up approval.
  • One CLI command, the product thread says, works across Claude Code, Codex, Cursor, ChatGPT, and OpenClaw, with the same policy model spanning laptops, sandboxes, and CI.
  • Early practitioner reaction focused on the access model rather than the UI: one engineer called "identity-based access" the "real unlock for agent security," echoing another discussion around task-scoped authorization for agents.

What shipped

Keycard says its new system resolves a "four-part identity" for every coding session: user, agent, runtime, and task, according to the launch thread. From that, it mints credentials that are "short-lived" and scoped only to the tool call being executed, rather than leaving static API keys in local files or handing an agent broad admin access. The company’s announcement post positions policy enforcement at execution time, not just at login.

The operational pitch is to separate routine and sensitive actions. Keycard’s product details say routine actions can run autonomously, while higher-risk operations trigger real-time step-up approval. The same keycard run flow is presented as a cross-agent wrapper for Claude Code, Codex, Cursor, ChatGPT, and OpenClaw, and the thread says those policies carry across laptops, sandboxes, and CI.
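The model described in this section, sketched as an added example; this is not Keycard's code or API. The function names, tool-call names, signing key, lifetime and the list of sensitive operations are all assumptions made up for illustration. It binds a credential to the four identity parts plus one tool call and an expiry, and returns a step-up decision for sensitive operations instead of a credential.

```python
import hashlib, hmac, json, time

# Constructed values for illustration; none come from Keycard.
SIGNING_KEY = b"constructed-demo-key"
SENSITIVE = {"deploy.prod", "db.migrate"}  # hypothetical step-up operations
TTL_SECONDS = 60                           # hypothetical credential lifetime
PARTS = ("user", "agent", "runtime", "task")

def _sign(claims):
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()

def mint(identity, tool_call, approved=False, now=None):
    """Issue a credential for exactly one tool call, or ask for step-up."""
    missing = [p for p in PARTS if not identity.get(p)]
    if missing:
        raise ValueError(f"incomplete identity: {missing}")
    if tool_call in SENSITIVE and not approved:
        return {"decision": "step_up_required", "tool_call": tool_call}
    now = time.time() if now is None else now
    claims = {p: identity[p] for p in PARTS}
    claims.update(tool_call=tool_call, exp=int(now) + TTL_SECONDS)
    return {"decision": "issued", "claims": claims, "sig": _sign(claims)}

def verify(cred, identity, tool_call, now=None):
    """Resource-side check: signature, expiry, scope and identity must all match."""
    now = time.time() if now is None else now
    claims = cred.get("claims", {})
    if not hmac.compare_digest(cred.get("sig", ""), _sign(claims)):
        return False            # forged or tampered claims
    if now >= claims.get("exp", 0):
        return False            # expired: nothing long-lived to steal
    if claims.get("tool_call") != tool_call:
        return False            # replay against a different tool call
    return all(claims.get(p) == identity.get(p) for p in PARTS)

if __name__ == "__main__":
    ident = {"user": "alice", "agent": "claude-code", "runtime": "ci", "task": "fix-issue-42"}
    cred = mint(ident, "repo.read")
    print(verify(cred, ident, "repo.read"), verify(cred, ident, "repo.write"))
    print(mint(ident, "deploy.prod")["decision"])
```
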

Why this matters for coding-agent security

The launch is targeting a failure mode many teams already recognize: approval spam and over-privileged secrets. Keycard’s problem statement says developers click "Allow" so often that prompts stop functioning as real control, while the thread argues that static keys copied into .env files leave policy and credentials "completely disconnected."

That framing lines up with early practitioner response. In one reaction, Cedric Chee summarized the model as "task-scoped credentials" plus execution-time policy, which he said gets closer to "yolo mode without giving up control." A separate discussion from swyx described identity-based authorization as the key way to move beyond the binary choice between human-in-the-loop for everything and --dangerously-skip-permissions.
