Updates, ideas, and what we're building.

🖱️ April 14, 2026

How to Keep Your API Keys Safe When Using Cursor

Cursor indexes your workspace for AI suggestions. If your .env file is in the workspace, your secrets are in the index. Here's the fix.

Read article 🔧 April 11, 2026

Claude Code Security Best Practices — Protect Your Secrets and Your Codebase

Claude Code has full file system access. Here's how to use it safely — from .env protection to encrypted handoffs.

Read article 🔌 April 8, 2026

Using MCP to Give AI Agents Safe Access to Secrets

The Model Context Protocol lets AI tools call external services. Here's how to use it for secrets without exposing raw values.

Read article 💰 April 5, 2026

Free Alternatives to 1Password CLI for macOS Developers

1Password CLI costs $36/year. Here are free options that store secrets just as securely — including one that adds AI agent protection.

Read article 🏆 April 2, 2026

The 5 Best macOS Secrets Managers for Developers in 2026

We tested every macOS secrets manager worth using. Here's what actually works for developer workflows — and what doesn't.

Read article 🔄 March 26, 2026

The Best dotenv Alternatives in 2026 — And Why .env Files Need to Go

dotenv served us well. But with AI agents reading project files, plaintext secrets are a liability. Here are 6 better options.

Read article 🔒 March 24, 2026

The Encrypted Handoff — How to Give AI Agents Secrets Without Exposing Them

Your AI agent needs your API key but shouldn't see it. Here's the pattern: detect the agent, encrypt the value, deliver via self-deleting script.

Read article 🗑️ March 21, 2026

Why We Deleted Every .env File — And What Replaced Them

47 .env files, duplicated API keys, expired tokens. We replaced them all with macOS Keychain storage. Here's the full migration.

Read article 🔐 March 18, 2026

macOS Keychain Tutorial for Developers — Store API Keys the Right Way

Your Mac has a hardware-encrypted credential store. Here's how to use it for API keys, tokens, and secrets instead of .env files.

Read article 🔑 March 15, 2026

NoxKey — A macOS Secrets Manager With Touch ID and AI Agent Detection

Store API keys in macOS Keychain with Touch ID. NoxKey detects AI agents automatically and delivers secrets via encrypted handoff.

Read article 🛡️ March 11, 2026

How to Protect Your API Keys From AI Coding Agents

AI agents can read every .env file on your machine. Here are 5 concrete ways to stop them from exposing your secrets.

Read article 🌳 March 7, 2026

How We Built Process-Tree Agent Detection

Walk the macOS process tree to detect AI agents requesting secrets, then switch to encrypted handoff. Here's the full implementation.

Read article ⚠️ March 4, 2026

Yes, AI Agents Can Read Your .env Files — Here's What to Do About It

Claude Code, Cursor, and Copilot have full file system access. Your .env files are plaintext. Do the math.

Read article 🤖 February 28, 2026

6 Ways AI Agents Leak Your API Keys and Secrets

AI coding agents read .env files, echo credentials in debug output, and store tokens in logs. Here's how each leak happens and how to fix it.

Read article 🧹 February 14, 2026

The Developer's Guide to Credential Hygiene

12.8 million secrets leaked on GitHub in 2024. Most weren't hacks — they were habits. Here are the 7 worst and how to fix them.

Read article 👆 February 7, 2026

How Touch ID Protects Your API Keys — A Hardware Security Boundary

Touch ID uses the Secure Enclave for per-access biometric auth on every secret. No unlock window. No master password. Silicon, not software.

Read article 🔐 January 24, 2026

macOS Keychain for Developers: A Practical Guide

Your Mac has an encrypted, hardware-backed credential store with Touch ID. Here's how to actually use it for API keys and secrets.

Read article 🚨 January 10, 2026

Stop Putting API Keys in .env Files — Use Your OS Keychain Instead

The dotenv pattern has no encryption, no auth, no access control. In 2026, with AI agents reading project files, it is a liability.

Read article