Hide Secrets from AI Agents and NPM install using Airgap

How can an agent use these tokens then? If it sources the file can't it just read the env?

It also sounds like it is missing the important step of keeping the LLM credentials from the agents themselves. For example my GCP creds have access to far more than Vertex. This is solved by OneCLI and OpenShell via MITM proxies which seems more elegant to me. The tools live in containers and can't see anything but can use everything.

It also allows finer grained access controls, rating limiting, and there's talk of scanning for destructive actions.