Kontext CLI — a credential broker that wraps AI coding agents in short‑lived keys
Kontext CLI is an open‑source Go tool that aims to stop the .env apocalypse. It wraps AI coding agents (currently Claude Code) with OIDC authentication, RFC 8693 token exchange, and ephemeral, scoped credentials that are injected at session start and vanish when the session ends. The project says agents never store keys, and reportedly every tool call can be streamed to a Kontext dashboard for audit and governance. Tired of long‑lived API keys floating around in repos? Same. This one's pitched as a practical fix.
How it works
You declare the required credentials in a single .env.kontext file (GITHUB_TOKEN={{kontext:github}}, STRIPE_KEY={{kontext:stripe}}, and so on). Run kontext start --agent claude and the CLI opens a browser for OIDC login, stores a refresh token in your system keyring, exchanges the placeholders for short‑lived tokens, spawns the agent with those tokens injected as environment variables, and tears the session down when you're done. The flow is native Go (no Node, no Python, no daemon) and uses AES‑256‑GCM for encryption at rest. It's straightforward and intentionally familiar to developers: one command, no heavy setup.
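The flow above, as an added example in Go that is not Kontext's own code: it parses the .env.kontext template syntax, resolves each {{kontext:provider}} placeholder through a Resolver interface that stands in for the RFC 8693 exchange (the interface, the Credential shape and the offline fakeBroker are assumptions), builds the agent's environment from scratch instead of inheriting the parent shell, rejects already-expired tokens, and spawns the agent with exactly that environment.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"os/exec"
	"regexp"
	"strings"
	"time"
)

// placeholderRe matches a whole value of the form {{kontext:<provider>}}, the
// .env.kontext syntax the page shows (GITHUB_TOKEN={{kontext:github}}).
var placeholderRe = regexp.MustCompile(`^\{\{kontext:([a-z0-9_-]+)\}\}$`)

// Credential is a short-lived token plus its expiry (assumed shape, not Kontext's API).
type Credential struct {
	Token     string
	ExpiresAt time.Time
}

// Resolver stands in for the RFC 8693 token exchange the page describes: provider
// name in, scoped short-lived credential out. The interface itself is an assumption.
type Resolver interface {
	Exchange(provider string) (Credential, error)
}

// ParseTemplate splits a .env.kontext body into placeholders (VAR -> provider) and
// literals (VAR -> value) that pass through unchanged; malformed lines are rejected.
func ParseTemplate(src string) (placeholders, literals map[string]string, err error) {
	placeholders, literals = map[string]string{}, map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(src))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		k, v, ok := strings.Cut(line, "=")
		if !ok || k == "" {
			return nil, nil, fmt.Errorf("line %d: expected KEY=value", n)
		}
		if m := placeholderRe.FindStringSubmatch(v); m != nil {
			placeholders[k] = m[1]
		} else {
			literals[k] = v
		}
	}
	return placeholders, literals, sc.Err()
}

// BuildEnv resolves each placeholder through r and returns the agent's environment. It
// does not start from os.Environ(): the agent gets only what the template grants plus
// the named passthrough variables, so parent-shell secrets never leak into the session.
func BuildEnv(placeholders, literals map[string]string, r Resolver, passthrough []string) ([]string, error) {
	var env []string
	for _, name := range passthrough {
		if v, ok := os.LookupEnv(name); ok {
			env = append(env, name+"="+v)
		}
	}
	for k, v := range literals {
		env = append(env, k+"="+v)
	}
	for k, provider := range placeholders {
		c, err := r.Exchange(provider)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", k, err)
		}
		if !c.ExpiresAt.After(time.Now()) {
			return nil, fmt.Errorf("%s: broker returned an expired token", k)
		}
		env = append(env, k+"="+c.Token)
	}
	return env, nil
}

// RunAgent spawns the agent with exactly env; when the process exits the tokens go with
// it, which is the page's "vanish when the session ends" property.
func RunAgent(argv, env []string) error {
	cmd := exec.Command(argv[0], argv[1:]...)
	cmd.Env = env
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	return cmd.Run()
}

// fakeBroker is a constructed offline stand-in for the Kontext backend: it knows two
// providers and mints tokens that expire after ttl. Token values are deterministic
// here only so the behaviour is checkable; a real broker returns opaque tokens.
type fakeBroker struct{ ttl time.Duration }

func (f fakeBroker) Exchange(provider string) (Credential, error) {
	if provider != "github" && provider != "stripe" {
		return Credential{}, fmt.Errorf("provider %q not granted to this user", provider)
	}
	return Credential{Token: "ephemeral-" + provider, ExpiresAt: time.Now().Add(f.ttl)}, nil
}
```

Wiring it together is ParseTemplate, then BuildEnv(ph, lit, broker, []string{"PATH", "HOME"}), then RunAgent([]string{"claude"}, env): the tokens exist only in that child's environment and disappear with it. Nothing in this code prints or logs a token value, and a broker that does would undo the point of short-lived credentials.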
Why it matters
Ephemeral credentials, declarative templates, and per‑session telemetry answer a real pain point now that AI agents need access to GitHub, Stripe, databases and more. Commit the template to your repo and teammates get the same credential wiring without shipping secrets. The pitch leans on governance: PreToolUse/PostToolUse and other hook events can be attributed to a user and session for auditing, and are allegedly streamed to the backend. It reads like Vault for AI agents, aimed at keeping developer workflows unchanged while tightening security.
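One way to attribute a hook event to a user and session before streaming it, as an added example that is not Kontext's code: the HookEvent, Session and AuditRecord shapes are assumptions (the real Claude Code hook payload is not reproduced), and what it adds beyond the text is that the broker, which is the one component that knows the token values it injected, scrubs those values from tool input so the audit stream records that a credential was used without carrying the credential.

```go
package main

import (
	"encoding/json"
	"sort"
	"strings"
	"time"
)

// HookEvent is a constructed shape for a tool-call hook event. PreToolUse/PostToolUse are
// the event names the page mentions; the real Claude Code payload is not reproduced here.
type HookEvent struct {
	Name  string            `json:"hook_event"`
	Tool  string            `json:"tool"`
	Input map[string]string `json:"input"`
}

// Session is what the broker already knows about the run it wrapped: who logged in via
// OIDC, which session this is, and which token values it injected (VAR -> value). Only
// the broker holds this map; the agent side never persists it.
type Session struct {
	User      string
	SessionID string
	Secrets   map[string]string
}

// AuditRecord is one line of the governance stream: the event, attributed to user and
// session, with every injected credential value replaced by a marker.
type AuditRecord struct {
	Timestamp string            `json:"ts"`
	User      string            `json:"user"`
	SessionID string            `json:"session_id"`
	Event     string            `json:"event"`
	Tool      string            `json:"tool"`
	Input     map[string]string `json:"input"`
	Redacted  []string          `json:"redacted_vars,omitempty"`
}

// redact replaces each injected token value found in s with [REDACTED:<VAR>] and reports
// which variables were hit. Secrets are processed longest-first so a token that is a
// prefix of another cannot leave a fragment behind.
func redact(s string, secrets map[string]string) (string, []string) {
	vars := make([]string, 0, len(secrets))
	for v := range secrets {
		vars = append(vars, v)
	}
	sort.Slice(vars, func(i, j int) bool {
		if len(secrets[vars[i]]) != len(secrets[vars[j]]) {
			return len(secrets[vars[i]]) > len(secrets[vars[j]])
		}
		return vars[i] < vars[j]
	})
	var hit []string
	for _, v := range vars {
		if val := secrets[v]; val != "" && strings.Contains(s, val) {
			s = strings.ReplaceAll(s, val, "[REDACTED:"+v+"]")
			hit = append(hit, v)
		}
	}
	return s, hit
}

// Attribute turns a raw hook event into the record that is safe to stream to a dashboard:
// it stamps user, session and time, and scrubs token values from every input field
// without mutating the event it was given.
func Attribute(ev HookEvent, sess Session, now time.Time) AuditRecord {
	rec := AuditRecord{
		Timestamp: now.UTC().Format(time.RFC3339),
		User:      sess.User,
		SessionID: sess.SessionID,
		Event:     ev.Name,
		Tool:      ev.Tool,
		Input:     make(map[string]string, len(ev.Input)),
	}
	seen := map[string]bool{}
	for k, raw := range ev.Input {
		clean, hit := redact(raw, sess.Secrets)
		rec.Input[k] = clean
		for _, v := range hit {
			if !seen[v] {
				seen[v] = true
				rec.Redacted = append(rec.Redacted, v)
			}
		}
	}
	sort.Strings(rec.Redacted)
	return rec
}

// JSONLine serialises the record for a newline-delimited audit stream.
func (r AuditRecord) JSONLine() (string, error) {
	b, err := json.Marshal(r)
	return string(b), err
}
```

The redacted_vars field is what makes the stream useful for governance: a reviewer can see that a session's Bash call used GITHUB_TOKEN without the dashboard ever holding the token, and a record that carries the raw value is the signal that the broker, not the agent, has the leak.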
Kontext is available via Homebrew or direct GitHub releases, and the team lists Claude Code as the active agent (Cursor and Codex planned). Is this the secret‑management panacea teams have been waiting for? Not quite — integration complexity, provider support and trust in a third‑party broker still matter — but if you’re anxious about secrets sprawl, Kontext looks like a pragmatic step toward safer agentized development.
Sources: github.com/kontext-dev, Hacker News