Stashbase

Overview

Give AI agents the access they need without exposing secret values

Stashbase helps you run coding agents with the credentials they need while keeping secret values out of the agent's process environment. Instead of receiving a real API key or token, the agent receives a short-lived placeholder. Stashbase exchanges that placeholder only when the agent makes an approved HTTP(S) request to an approved host.

How it works

Your shell → stashbase agent run → coding agent

                                      │ placeholder in a supported request header

                              Stashbase credential broker


                              approved API destination

You define the secrets and destinations a workflow may use in an agent profile. The profile can read configured source names from a Stashbase environment, a local secrets file, or both.

Quick start

Create a stashbase-agent.toml file in a trusted project directory:

[agent_profiles.coding]
project = "my-project"
environment = "development"
egress_hosts = ["registry.npmjs.org"]

[agent_profiles.coding.secrets.GH_TOKEN]
hosts = ["api.github.com"]

Validate the policy before it is granted secrets, then launch your agent:

stashbase agent validate --profile coding --profile-source directory
stashbase agent run --profile coding --profile-source directory -- codex

The child process gets a placeholder named GH_TOKEN, never the real value. It may use that placeholder only for requests to api.github.com; package-registry traffic is permitted without receiving a credential.

Agent profiles are early access and reduce local credential exposure during normal workflows. They are not isolation from a malicious process running as the same user. Review repository profiles before running them with secrets.

Continue in the guide

On this page