Open-source Go CLI wraps AI coding agents with scoped, expiring credentials instead of long-lived API keys in .env files.
Kontext Security released Kontext CLI, an open-source command-line tool written in Go that acts as a credential broker for AI coding agents like Claude Code. Instead of hardcoding long-lived API keys in .env files, the tool injects short-lived, scoped tokens at session start via RFC 8693 token exchange and automatically expires them when the session ends. Every tool call and secret access is logged. It installs via Homebrew and wraps any agent with a single command: `kontext start --agent claude`.
AI agents running in your dev environment have had access to every secret in your .env files — and most teams are fine with that until they aren't. Kontext CLI intercepts that trust gap by brokering RFC 8693 token exchange, injecting short-lived credentials at session start, and auto-expiring them. The architecture uses a local Unix socket sidecar and ConnectRPC — no secrets ever sit in a file between sessions.
Install Kontext via Homebrew and run `kontext start --agent claude` in a project that already uses Claude Code — audit the generated session log to see exactly which tool calls the agent made and which credentials it touched.
Run: `brew install kontext-security/tap/kontext` in your terminal
Tags
Also today
Signals by role
Also today
Tools mentioned