Skip to content

Add idea: credential-less agent processes#8

Merged
rkoster merged 1 commit into
cloudfoundry:mainfrom
rrashidov:idea/credential-less-agent-processes
Jul 8, 2026
Merged

Add idea: credential-less agent processes#8
rkoster merged 1 commit into
cloudfoundry:mainfrom
rrashidov:idea/credential-less-agent-processes

Conversation

@rrashidov

Copy link
Copy Markdown
Contributor

What is this idea about?

Credentials handed to an agent process — API keys, OAuth tokens, bound service credentials — are one prompt injection away from exposure. The process that can call the model is also the process that can be told to print its environment.

The proposal: CF should let a developer bind a provider without the credential ever entering the process. The developer declares the binding in the manifest (e.g. bindings: [anthropic]); at runtime the app calls a localhost sidecar that proxies the request to the real provider using a credential it holds but the app cannot read. From the app's perspective it speaks the standard provider API — it just never sees the key. Revoking or rotating the credential is an operator action, not a redeployment. How the credential is stored, how the sidecar is provisioned, and how per-user multi-tenant bindings work is left open for platform experts to propose.

Checklist

  • File lives in ideas/ with a lowercase kebab-case filename (ideas/credential-less-agent-processes.md)
  • Has a title (YAML title: present)
  • Tags added (identity, sandboxing-isolation)
  • On-topic for agentic workloads on Cloud Foundry
  • Cross-links to sibling ideas

Related

@rkoster
rkoster merged commit df909bd into cloudfoundry:main Jul 8, 2026
2 checks passed
@rrashidov
rrashidov deleted the idea/credential-less-agent-processes branch July 8, 2026 14:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants