
Stop Sending Your .env to OpenAI: A Privacy Layer for OpenCode
AI coding agents are the most productive and the most dangerous tools on your machine. They read your files, execute shell commands, write infrastructure code, and reason about your entire project context. To do any of this well, they need access to the real stuff: API keys, database credentials, JWTs, connection strings. The kind of values that live in .env files and should never leave your device.

But they do leave your device. Every single message you send to your coding agent (including the one where you pasted your Stripe secret key to debug a webhook) is transmitted to an LLM provider's inference endpoint. The model sees everything.

This is the fundamental tension: the agent needs your secrets to be useful (or at least to be autonomous), but the LLM doesn't need to see your secrets to reason about them.

We built a plugin to resolve this. Today we're releasing @rehydra/opencode, a privacy layer for OpenCode that anonymizes secrets before they reach the LLM and restores them befor
Continue reading on Dev.to


