According to monitoring by Dongcha Beating, Tony Dang, co-founder of key management company Infisical (YC incubated, processing billions of keys monthly), announced the open-source release of Agent Vault, an HTTP forward proxy and key vault specifically designed for AI agents, currently in research preview. The core idea is that agents are untrusted and should not directly hold any keys; instead, the proxy layer injects them during outbound requests. Traditional key management directly distributes keys to workloads, which works fine for programs with fixed execution paths, but agents are non-deterministic and can be induced by prompt injections to leak keys from the environment. Attackers can use poisoned documents, malicious web pages, and other methods to make agents send keys to endpoints controlled by the attacker. Even with protections in place, there is no guarantee that the agent won't be manipulated. The approach of Agent Vault is to insert a forward proxy between the agent and external services. The agent only needs to set the HTTPS_PROXY environment variable and trust the CA certificate of Agent Vault; all outbound requests are automatically routed through the proxy. Agent Vault terminates TLS, intercepts requests, retrieves the corresponding key from encrypted storage to inject into the request headers, and then establishes a new TLS connection with the real upstream for forwarding. The agent never comes into contact with the keys and does not require workflow modifications. The design is interface-agnostic: whether the agent calls external services via API, CLI, SDK, or MCP, all outbound connections ultimately go through HTTPS, where interception occurs uniformly. Similar ideas have independently emerged in several companies: Anthropic's Managed Agents architecture uses proxy services to inject keys, while Vercel and Cloudflare have launched their own credential brokering solutions tied to their platforms. Agent Vault is the first open-source, platform-agnostic implementation in this direction.