Infisical Open-Source Agent Vault: agents never touch secrets—intercept and inject on the HTTPS layer as a unified process

CryptoWorld Network news reports that Tony Dang, co-founder of Infisical, has announced the open-sourcing of Agent Vault, a forward HTTP proxy and key vault designed specifically for AI agents, currently available as a research preview. The core idea of this system is that an agent should not hold keys directly, but instead inject them through the proxy layer when making outbound requests. Traditional key management distributes keys directly to workloads, but agents are non-deterministic and may be induced by prompt injection to leak keys. Attackers can poison documents or malicious webpages to cause the agent to send keys to endpoints controlled by the attacker. Agent Vault inserts a forward proxy between the agent and external services: the agent only needs to set the https_proxy environment variable and trust Agent Vault’s CA certificate, and all outbound requests automatically pass through the proxy. Agent Vault terminates TLS, intercepts requests, retrieves keys from encrypted storage, injects the keys into request headers, and then establishes a new TLS connection to the real upstream. Similar ideas have appeared in multiple companies; Agent Vault is the first open-source, platform-agnostic implementation.