
Secure Agentic Coding

Use keycard run to secure your agentic coding sessions with automated credential management and agent-native policy enforcement.

Agentic coding tools like Claude Code and Cursor need access to production databases, third-party APIs, and internal services to be useful. But giving agents broad access creates risk: one misunderstood prompt can lead to a destructive query or a leaked credential.

keycard run solves this by wrapping your coding agent in a secure session with automated credential management and enforced tool policies.

  1. Install the CLI:

    brew install keycardai/tap/keycard
  2. Sign in to your Keycard account:

    keycard auth signin --zone <zone-id>
  3. Add a .env.template containing a Keycard-managed resource credential placeholder:

    GH_TOKEN={{kc+https://api.github.com}}
  4. Run your agent in a secure session:

    keycard run -- claude

Keycard handles the rest:

  • Just-in-time credentials: Each time the agent uses a tool or calls an MCP server, Keycard issues a fresh, scoped credential. No secrets are stored on disk or in your shell history.
  • Agent-native policy enforcement: Every tool use is evaluated against your organization’s policy before it executes. Dangerous operations are blocked automatically.
  • Centralized visibility: All agent activity is logged to your Keycard audit trail. Identify rogue agents, review usage patterns, and track credential access across your team.

Inside a keycard run session, credentials are provisioned as your agent needs them. When an agent requests access to a resource (a database, an API, an MCP server), Keycard exchanges a scoped token just-in-time.

This means agents only ever hold short-lived, narrowly scoped credentials. If a session ends or a credential is revoked centrally, access stops immediately.
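The placeholder syntax from step 3 and the just-in-time exchange described here can be illustrated with a small resolver. This is an added example, not Keycard's own code: it assumes a .env.template of KEY=VALUE lines, the {{kc+<resource-url>}} placeholder form shown above, and a hypothetical issue callback standing in for the credential broker.

```python
import re
from typing import Callable, Dict

# Placeholder form used in the page's .env.template: {{kc+<resource-url>}}
PLACEHOLDER = re.compile(r"^\{\{kc\+(?P<resource>\S+)\}\}$")


def parse_env_template(text: str) -> Dict[str, str]:
    """Parse KEY=VALUE lines; blank lines and '#' comments are skipped."""
    env: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"malformed template line: {raw!r}")
        env[key.strip()] = value.strip()
    return env


def resolve_env(template: Dict[str, str], issue: Callable[[str], str]) -> Dict[str, str]:
    """Replace every placeholder with a freshly issued credential.

    `issue` is a hypothetical resolver (an assumption, not Keycard's API) that
    asks the broker for a short-lived, scoped token for one resource. Literal
    values pass through unchanged. The result stays in this process's memory
    and is meant to be handed to the agent subprocess, never written to disk.
    """
    resolved: Dict[str, str] = {}
    for key, value in template.items():
        m = PLACEHOLDER.match(value)
        if m is None:
            resolved[key] = value
            continue
        token = issue(m.group("resource"))
        if not token:
            raise RuntimeError(f"no credential issued for {key}")
        resolved[key] = token
    return resolved


# Constructed sample template: the page's GH_TOKEN line plus two more entries.
SAMPLE_TEMPLATE = """\
# credentials managed by Keycard
GH_TOKEN={{kc+https://api.github.com}}
DATABASE_URL={{kc+postgres://prod-db.example.internal/app}}
LOG_LEVEL=info
"""


def fake_issue(resource: str) -> str:
    # Stand-in for the broker: returns an obviously fake, constructed token.
    return f"jit-token-for-{resource}"
```

Calling resolve_env(parse_env_template(SAMPLE_TEMPLATE), fake_issue) yields one issued token per placeholder while LOG_LEVEL passes through as a literal.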

Policies control what your agents can and can’t do. When an agent attempts a tool use, Keycard evaluates the action against your policy and either permits or denies it.

For example, you can allow SELECT queries against a production database but deny DELETE or DROP operations, so a misunderstood instruction doesn’t become an incident.

Policies are managed centrally and enforced on all development devices. Adjust a policy once and it takes effect everywhere.