https://www.keycard.studio/
Article
-
Desktop tool that injects API keys directly into subprocess environments
-
Keys stored in local encrypted vault; never exposed in shell env or dotfiles
-
Aimed at preventing accidental key leakage via ps, logs, or env dumps
-
Positioned as a dev-first secrets manager for local workflows
Discussion
-
Security concern: same-user processes can still read env via
ps -Eww or /proc
-
Compared to 1Password CLI’s
op run which does the same injection pattern
-
Skeptics: trivial to replicate in 20 min with an agent; landing page looks like every other LLM SaaS
-
Questions about undisclosed cloud infrastructure storing credentials long-term
Discuss on HN