Terms of Service

Open-Source Software

Agent Secret is a personal open-source project. The source code is licensed under the MIT License in the GitHub repository. If these terms conflict with rights granted by the MIT License for the source code, the license controls for that source code.

No Hosted Secret Service

Agent Secret is designed as a local approval broker. The project does not provide a hosted account, hosted vault, managed secret store, or commercial service-level agreement. You are responsible for your own devices, provider accounts, credentials, access policies, and downstream commands.

Use At Your Own Risk

Agent Secret is pre-1.0 software and is provided as-is, without warranties. You should test it with non-production credentials before relying on it for sensitive workflows. Do not approve a request unless you understand the command, working directory, provider account, and secret references that will receive access.

Security Boundary

Agent Secret can help keep secret values out of config files and make approvals more explicit. It is not a sandbox, malware detector, centralized policy engine, or guarantee that an approved child process will handle secrets correctly. After you approve delivery to a command, that command and its subprocesses may be able to read or leak the values they receive.

Provider Integrations

Agent Secret integrates with third-party providers such as 1Password and may add Google OAuth and GCP token minting support. You are responsible for complying with those providers' terms, configuring least-privilege access, and revoking access when it is no longer needed.

If you authorize a Google integration, you allow Agent Secret to use the scopes shown by the app, configuration, or approval flow for the local operation you request. You remain responsible for the Google Cloud projects, service accounts, IAM roles, and commands that use the resulting credentials.

Acceptable Use

Do not use Agent Secret to access systems you are not authorized to use, bypass provider policies, exfiltrate credentials, or violate applicable law. Do not submit public issues, discussions, screenshots, logs, or pull requests that contain raw secret values or private credential metadata.

Third-Party Services

GitHub, Homebrew, 1Password, Google, and any downstream tools you run with Agent Secret are separate services or software projects with their own terms and policies. Agent Secret is not responsible for their availability, behavior, pricing, data handling, or security incidents.

Security Reports

Responsible security reports are welcome. Use GitHub private vulnerability reporting: github.com/kovyrin/agent-secret/security/advisories/new . Avoid sending exploit details or sensitive metadata in public issues.

Changes

These terms may change as the project evolves. Continued use of the website or published application artifacts after a change means you accept the updated terms for that use.