MyPrivateClaw logo
MyPrivateClaw
Private AI Directory
Security 13 min readMar 30· Updated Apr 11, 2026✓ Verified Mar 30, 2026

HashiCorp Vault for AI Agents: Stop Your Secrets From Leaking

AI agents that read files, browse the web, and call APIs are a new attack surface. Vault gives each agent a short-lived, least-privilege credential that expires automatically.

hashicorp-vault secrets ai-agents security api-keys devops

An AI agent with a long-lived API key is a liability. If the agent is compromised through prompt injection, logs its context window to disk, or has its memory files accessed by another process, your RunPod account, your database, and your cloud provider credentials are all exposed simultaneously. HashiCorp Vault solves this with short-lived dynamic credentials: instead of giving your agent a permanent API key, Vault issues a credential that expires in 1 hour, can only access the specific resources the agent needs, and leaves an audit trail of every access.

THE EDGE — WEEKLY DIGEST

Get more guides like this in your inbox

No spam. Unsubscribe anytime.

The Problem with .env Files

The standard pattern for giving an AI agent API access is an .env file containing a long-lived API key. This has three failure modes: the key is valid indefinitely (if it leaks, the attacker has permanent access), the key typically has broad permissions (a RunPod API key that can create pods can also delete them), and there is no audit trail. Vault addresses all three: credentials are short-lived, scoped to minimum permissions, and every access is logged.

WARNINGNever commit .env files to git, even in private repositories. GitHub's secret scanning will flag them, but by the time you're notified, the key has been exposed. Use Vault or a secrets manager from day one.

Set Up Vault with AppRole Auth

AppRole is the recommended authentication method for machine-to-machine access. It uses a Role ID (like a username) and a Secret ID (like a password) to authenticate:

bash
vault auth enable approle

cat > agent-policy.hcl << 'EOF'
path "secret/data/runpod" { capabilities = ["read"] }
path "secret/data/brave-search" { capabilities = ["read"] }
path "*" { capabilities = ["deny"] }
EOF

vault policy write ai-agent agent-policy.hcl

vault write auth/approle/role/ai-agent \
  token_policies="ai-agent" \
  token_ttl=1h \
  secret_id_ttl=10m \
  secret_id_num_uses=1

Agent Authentication in Python

In your AI agent code, authenticate to Vault at startup and fetch credentials dynamically. Never hardcode credentials or read them from environment variables:

python
import hvac, os

client = hvac.Client(url=os.environ["VAULT_ADDR"])
response = client.auth.approle.login(
    role_id=os.environ["VAULT_ROLE_ID"],
    secret_id=os.environ["VAULT_SECRET_ID"],  # Single-use, expires in 10 min
)
print(f"Token TTL: {response['auth']['lease_duration']}s")

# Fetch credentials at runtime
secret = client.secrets.kv.v2.read_secret_version(
    path="runpod", mount_point="secret"
)
runpod_key = secret["data"]["data"]["api_key"]
TIPThe Secret ID should be fetched from a secure bootstrap mechanism — a CI/CD system, a Kubernetes secret, or a one-time delivery mechanism. Never store the Secret ID in a long-lived environment variable.

Infisical: The Open-Source Alternative

If HashiCorp's BSL license is a concern, Infisical is a fully open-source (MIT license) alternative with a nearly identical feature set. Infisical has a cleaner web UI, native Kubernetes integration, and a free cloud tier. For a self-hosted private AI setup where secrets never leave your infrastructure, the self-hosted version (Docker Compose or Kubernetes) is the recommended option.

Read next

RELATED GUIDES