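After a curated evaluation by AI Skill Hub, AI Agent Vault Proxy is rated "Recommended". This agent workflow performs well on feature completeness, community activity and ease of use, has an AI score of 7.5, and suits users with some technical background.
Generates API keys just in time to protect AI agents and processes.
AI Agent Vault Proxy is a complete AI agent automation workflow solution. Through visual node orchestration it breaks complex multi-step tasks into clear automated flows that run fully unattended. It integrates with hundreds of external services and APIs and is suited to building data-processing pipelines, business automation and AI-assisted decision systems.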
```bash
# Option 1: install with pip (recommended)
pip install agent-vault-proxy

# Option 2: install into a virtual environment (recommended for production)
python -m venv .venv
source .venv/bin/activate   # Windows: .venv\Scripts\activate
pip install agent-vault-proxy

# Option 3: install from source (to get the latest features)
git clone https://github.com/inflightsec/agent-vault-proxy
cd agent-vault-proxy
pip install -e .

# Verify the installation
python -c "import agent_vault_proxy; print('安装成功')"

# Command-line usage
agent-vault-proxy --help

# Basic usage
agent-vault-proxy input_file -o output_file
```

```python
# Calling from Python code
import agent_vault_proxy

# Example
result = agent_vault_proxy.process("input")
print(result)
```

```yaml
# Example agent-vault-proxy configuration file (config.yml)
app:
  name: "agent-vault-proxy"
  debug: false
  log_level: "INFO"
```

```bash
# Specify the configuration file at run time
agent-vault-proxy --config config.yml

# Or configure through environment variables
export AGENT_VAULT_PROXY_API_KEY="your-key"
export AGENT_VAULT_PROXY_OUTPUT_DIR="./output"
```
Just-in-time API keys for AI agents - and any other process you route through it: the caller only ever sees a placeholder.
Your agent (dev laptop, CI runner, cron job, etc) gets a fake placeholder string (like sk-PLACEHOLDER-...) and uses it as if it were a real API key. This proxy sits between the caller and the internet, and swaps the fake for the real secret at the last possible moment - on the way out to the upstream API. If the caller gets prompt-injected, dumps a log, or runs a program with a software-supply-chain issue, the only thing that escapes is the fake placeholder. The real key never enters the calling process.
Under the hood: a loopback HTTPS proxy that fetches credentials from Bitwarden Secrets Manager — cloud or self-hosted — just-in-time and injects them into outbound requests, so the calling process never holds the real credential bytes in its address space.
Three steps. Once you've done this, every new API key is just "add to Bitwarden + a few lines of YAML + restart": see Add a secret below.
<details open> <summary><b>Linux (recommended — hardened systemd install)</b></summary>
Full walkthrough: docs/install-systemd.md. ~10 minutes the first time. The doc:
- avp UNIX user with no shell, no home directory,
- pip install --only-binary :all: agent-vault-proxy==0.4.3) into a system-wide venv at /opt/agent-vault-proxy/.venv — --only-binary :all: refuses source distributions, so a compromised transitive dep can't run code at install time,
- /etc/agent-vault-proxy/bws-token (root-owned, avp-readable) and your bindings at /etc/agent-vault-proxy/bindings.yaml,
- ProtectSystem=strict, RestrictAddressFamilies, syscall filter, chattr +a append-only audit log) — sandbox controls Docker can't offer.

Token, bindings, audit log, and CA cert all live under /etc/agent-vault-proxy/ and /var/{lib,log}/agent-vault-proxy/.
</details>
<details> <summary><b>Cross-platform / quick start (macOS, Windows-WSL2, or a Linux dev box)</b></summary>

```bash
# Pick a tagged release, not `main` — tags are how you opt into a vetted
# version. Tracking `main` exposes you to a window where a compromised
# maintainer account could push a malicious commit before anyone notices.
git clone -b v0.4.3 --depth 1 https://github.com/inflightsec/agent-vault-proxy && cd agent-vault-proxy
mkdir -p secrets && bash -c '( umask 077 && read -rsp "BWS access token: " T && printf "%s" "$T" > secrets/bws-token && echo )'
cp bindings.example.yaml bindings.yaml && $EDITOR bindings.yaml
docker compose up -d
```

Faster setup; weaker isolation than systemd. Threat model + caveats in docs/docker.md.
⚠️ Two hard prerequisites for the Docker path: (1) your AI agent's UID must NOT have docker daemon access — docker-group membership ≈ host root, which lets the agent `docker exec` the CA private key + BWS token out of the proxy. (2) Do NOT add other containers to the proxy's `avp-net` network. If either is hard to guarantee on your host, use the systemd install path instead.
A pre-built, cosign-signed container image at ghcr.io/inflightsec/agent-vault-proxy:<tag> is planned for v0.5.0 — cosign verify + docker pull will replace the clone-and-build step. Until then, build locally from the cloned tag. </details>
First, copy the mitmproxy-generated CA cert into the calling shell's working dir. The location depends on install path:
```bash
# systemd install (see install-systemd.md step 5):
sudo cp /etc/agent-vault-proxy/ca.pem ./ca.pem && sudo chown "$USER" ./ca.pem

# Docker install:
docker cp agent-vault-proxy:/var/lib/agent-vault-proxy/.mitmproxy/mitmproxy-ca-cert.pem ./ca.pem
```
Then point the agent at the proxy + give it the placeholder:
```bash
export HTTPS_PROXY="http://127.0.0.1:14322" NODE_EXTRA_CA_CERTS="$PWD/ca.pem" SSL_CERT_FILE="$PWD/ca.pem"
export GITHUB_PAT="github_pat_PLACEHOLDER_01HXY1234ABCDEFGHIJ"
curl -H "Authorization: Bearer $GITHUB_PAT" https://api.github.com/user
```
```bash
export GITHUB_PAT="github_pat_PLACEHOLDER_01HXY1234"
export HTTPS_PROXY="http://127.0.0.1:14322"
```

```yaml
secrets:
  GITHUB_PAT:
    placeholder: "github_pat_PLACEHOLDER_01HXY1234"  # the agent's env holds THIS
    inject:
      header: "Authorization"
      format: "Bearer {GITHUB_PAT}"  # {GITHUB_PAT} = real value AVP fetches
                                     # from your backend for the entry above.
                                     # {secret} also works as a generic alias.
    bindings:
      - host: "api.github.com"       # only swapped for this destination
        methods: [POST]              # agent can open things...
        paths: ["/repos///pulls"]    # ...but only "open a PR" - not delete, not merge
```
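An added example, not the project's own code: a sketch of the swap decision the bindings above describe, where the real value is fetched only when host, method and path all match. The pattern `/repos/*/*/pulls`, the rule that `*` matches exactly one path segment, the `fetch` callback and leaving the placeholder untouched on a mismatch are assumptions.

```python
from typing import Callable, Dict

# Constructed config mirroring the page's YAML. The path pattern and its syntax
# ("*" = exactly one non-empty path segment) are assumptions for this sketch.
SECRETS = {
    "GITHUB_PAT": {
        "placeholder": "github_pat_PLACEHOLDER_01HXY1234",
        "inject": {"header": "Authorization", "format": "Bearer {GITHUB_PAT}"},
        "bindings": [
            {"host": "api.github.com", "methods": ["POST"],
             "paths": ["/repos/*/*/pulls"]},
        ],
    }
}


def path_matches(pattern: str, path: str) -> bool:
    """Segment-wise match so "*" can never span a "/" (fnmatch would)."""
    want = pattern.split("/")
    got = path.split("?", 1)[0].split("/")  # ignore the query string
    return len(want) == len(got) and all(
        (w == "*" and g) or w == g for w, g in zip(want, got))


def binding_allows(binding: dict, host: str, method: str, path: str) -> bool:
    """All three of host, method and path must match the binding."""
    return (host.lower() == binding["host"]
            and method.upper() in binding["methods"]
            and any(path_matches(p, path) for p in binding["paths"]))


def inject(host: str, method: str, path: str, headers: Dict[str, str],
           fetch: Callable[[str], str], secrets: dict = SECRETS) -> Dict[str, str]:
    """Return outbound headers; the real secret is fetched only on a full match."""
    out = dict(headers)
    for name, cfg in secrets.items():
        hdr = cfg["inject"]["header"]
        if cfg["placeholder"] not in out.get(hdr, ""):
            continue  # the caller did not present this placeholder
        if any(binding_allows(b, host, method, path) for b in cfg["bindings"]):
            real = fetch(name)  # just-in-time lookup (hypothetical callback)
            fmt = cfg["inject"]["format"]
            out[hdr] = fmt.replace("{" + name + "}", real).replace("{secret}", real)
    return out
```

Because `fetch` is called only after the binding check passes, a request to any other host, method or path never causes the real credential to be read at all.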
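A high-quality API key management tool for AI workflows.
AI Skill Hub is a third-party content aggregation platform. The information on this page is compiled from public data and is not a legal endorsement of the tool's functionality or quality.
Validate it thoroughly in a sandbox or test environment before deploying to production, and carry out the necessary security assessment.
✅ MIT License: one of the most permissive open-source licenses; free for commercial use, modification and distribution, requiring only that the copyright notice be retained.
AI Skill Hub review: the core functionality of AI Agent Vault Proxy is complete and of good quality. For automation engineers and operations staff it is worth adding to a personal toolbox. Try it in a non-production environment first, then roll it out gradually.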
| Field | Value |
| --- | --- |
| Original name | agent-vault-proxy |
| Original description | Open-source AI workflow: Just-in-time API keys for AI agents - and any other process you route through it. ⭐11 · Python |
| Topics | AI agent, Vault, Python |
| GitHub | https://github.com/inflightsec/agent-vault-proxy |
| License | MIT |
| Language | Python |
Listed: 2026-06-03 · Updated: 2026-06-03 · License: MIT · AI Skill Hub does not legally endorse the accuracy of third-party content.