AI coding agents need secrets — API keys, database URLs, service tokens. The common pattern is pasting them into .env files or chat prompts. Both are bad: prompts get logged, .env files get committed, and there's no way to revoke access when the session ends.
murk gives agents access to secrets without exposing them in plaintext.
-
Never paste secrets into prompts. Agent conversations are logged, cached, and sometimes sent to third-party APIs. Once a secret is in a prompt, assume it's leaked.
-
Never give agents your
MURK_KEY. The key is your identity. If an agent has it, it can decrypt everything in the vault — and you can't revoke it without re-keying. -
Use
murk execto inject secrets. Instead of exporting secrets to the shell, run agent commands throughmurk execso secrets exist only in the subprocess environment:murk exec -- python deploy.py murk exec -- npm run migrate
-
Use
murk infofor schema prompting. Agents don't need secret values to understand what's available.murk infoandmurk info --jsonshow key names, descriptions, and examples — no decryption needed, noMURK_KEYrequired:murk info --json
Feed this into agent system prompts so they know what secrets exist and how to reference them, without ever seeing the values.
-
Use
murk skeletonto share schema. For distributing vault structure to agents or new team members without any encrypted data:murk skeleton -o skeleton.murk
Future versions of murk will support scoped agent keys — short-lived recipient keys you create for an agent session, authorize for specific secrets, and revoke when done. Until then, murk exec and murk info are the safe path.