Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Show HN: Scoped, expiring API keys for AI agents (github.com/kagehq)
4 points by lexokoh 8 months ago | hide | past | favorite | 4 comments
I’ve been experimenting with AI agents lately, and one problem kept coming up: they either get a raw API key with full access or nothing at all. That’s risky, especially if you’re testing agents that can make arbitrary calls.

So I hacked together a tiny package called Kage Keys - https://github.com/kagehq/keys

It lets you wrap agent actions with scoped, short-lived tokens instead of handing over your real API keys.

Example:

```js import { withAgentKey, getLogs } from "@kagehq/keys";

async function main() { await withAgentKey("github:repos.read", async () => { console.log("Agent is calling GitHub API..."); });

  console.log(await getLogs());
}

main();

Right now it:

- Generates scoped, expiring tokens (default 10s)

- Logs every action to kage-keys.log

- Works as a drop-in wrapper for async functions

It’s just an MVP (tokens are fake UUIDs), but I want to see if developers find this helpful before building the production version with real crypto + proxy enforcement.

Repo: https://github.com/kagehq/keys

npm: https://www.npmjs.com/package/@kagehq/keys

Would love feedback, especially from anyone running agents in production or dealing with API key sprawl.



interesting project, what is the primary use-case for something like this? i'm still giving the agent access anyway or is it just scoped-access? i'm trying to understand how the short-lived nature of these keys can help


Thank you. Instead of giving the agent your real API key, it gets a scoped, short-lived capability (e.g. “can post 1 message to Slack channel X in the next 30s”).

The short-lived nature means that if the token is leaked or the agent goes rogue, the blast radius is tiny, you can instantly revoke/deny new mints, and you get full audit and policy control. It turns “here’s my permanent master key” into “here’s a disposable permit slip for just this action.”

Let me know if that makes sense.


Makes sense — handing full API keys to agents is a huge risk surface. Even with fake UUIDs at MVP stage, the scoped/expiring pattern seems useful. Curious if you’ve thought about integrating with existing secrets managers (Vault, Doppler, etc.) instead of rolling custom crypto later on.


Thank you. Yes, it's one of the things I'm already looking into. So will work well with any Secrets manager, not compete with them.

Curious if you'd want to use it?




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: