danieltamas/cloak

Protect .env secrets from AI coding agents. CLI (Rust) + VS Code extension. AES-256-GCM vault, OS keychain, Touch ID, smart sandbox values. Agents see fakes — you see the real ones.

25
/ 100
Experimental

It encrypts `*.env` files, replacing real secrets with structurally valid sandbox values on disk. A VS Code extension automatically decrypts and displays real values within the editor, while a Rust CLI handles runtime environment variable injection for applications and provides an authentication gate using OS keychain and Touch ID/password. This local-only system generates a human-readable recovery key and hashes CLI passwords with PBKDF2-SHA256.

No Package No Dependents
Maintenance 13 / 25
Adoption 3 / 25
Maturity 9 / 25
Community 0 / 25

How are scores calculated?

Stars

3

Forks

Language

Rust

License

MIT

Category

agent-credential-security

Last pushed

Mar 18, 2026

Commits (30d)

0

GitHub
Agent Credential Security · 77 agents

Get this data via API

curl "https://pt-edge.onrender.com/api/v1/quality/agents/danieltamas/cloak"

Open to everyone — 100 requests/day, no key needed. Get a free key for 1,000/day.

Featured in

Agent Governance in 2026: Who's Building the Guardrails?

Higher-rated alternatives

quantifylabs/aegis-memory

Secure context engineering for AI agents. Content security · integrity verification · trust...

54

kahalewai/dual-auth

Dual-Auth provides AGBAC dual-subject Authorization for AI Agents and Humans using existing IAM...

45

The-17/agentsecrets

Zero-knowledge secrets infrastructure built for AI agents to operate, not just consume.

45

lelu-auth/lelu

The authorization layer for AI Agents

43

onecli/onecli

Open-source credential vault, give your AI agents access to services without exposing keys.

42

Explore AI Agents

All categories Trending AI Agent directory Insights