
Stop Storing LLM API Keys in Plaintext `.env` Files — Introducing LLM Key Ring (`lkr`)
TL;DR

Storing LLM API keys in `.env` files carries risks that have become harder to ignore in the age of AI agents. I built LLM Key Ring (`lkr`) — a CLI tool written in Rust that stores keys in the macOS Keychain with encryption.

- Keychain storage — no plaintext files left on disk
- `lkr exec` for env var injection — keys never touch stdout, files, or clipboard; this is the primary workflow
- TTY guard — blocks raw key output in non-interactive environments (defense against AI agent exfiltration)

https://github.com/yottayoshida/llm-key-ring

Motivation: "It's in `.gitignore`, so it's fine" No Longer Holds

Working with LLMs means API keys pile up fast — five, ten of them sitting in a `.env` file before you know it.

```
# .env
OPENAI_API_KEY=sk-proj-...
ANTHROPIC_API_KEY=sk-ant-...
```

The problem is simple: once plaintext lives "somewhere," the attack surface expands.

- Accidental commits (`.gitignore` is only as reliable as human discipline)
- Keys leaking into shell history, command-line arguments, or logs
- If
Continue reading on Dev.to
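The two mechanisms named in the TL;DR, the TTY guard and `exec`-style environment injection, as an added Rust example. This is not `lkr`'s own code: the Keychain lookup is replaced by a constructed in-memory map, the key value is a placeholder, and the function and type names (`guard_raw_output`, `lookup_keys`, `build_exec`, `GuardDecision`) are assumptions made for the illustration.

```rust
use std::collections::HashMap;
use std::io::IsTerminal;
use std::process::Command;

/// Outcome of the TTY guard for a command that would print a raw key.
#[derive(Debug, PartialEq, Eq)]
pub enum GuardDecision {
    /// stdout is an interactive terminal: a human is reading it.
    Allow,
    /// stdout is a pipe or file (a script, an agent, a log): refuse to emit the secret.
    RefuseNotATty,
}

/// TTY guard: a raw key may only be printed when stdout is a terminal.
/// Callers pass `std::io::stdout().is_terminal()`; the bool parameter keeps it testable.
pub fn guard_raw_output(stdout_is_tty: bool) -> GuardDecision {
    if stdout_is_tty {
        GuardDecision::Allow
    } else {
        GuardDecision::RefuseNotATty
    }
}

/// Stand-in for the Keychain lookup (assumption: the real tool calls the OS keyring here).
/// Returns every requested key, or an error naming the first missing one, so a
/// partially populated environment is never handed to the child.
pub fn lookup_keys(
    store: &HashMap<&str, &str>,
    names: &[&str],
) -> Result<Vec<(String, String)>, String> {
    names
        .iter()
        .map(|name| {
            store
                .get(name)
                .map(|value| (name.to_string(), value.to_string()))
                .ok_or_else(|| format!("no key stored under {name}"))
        })
        .collect()
}

/// `exec`-style injection: the keys go only into the child's environment.
/// They are never written to stdout, a file, or the clipboard, and they are not
/// part of the argument vector, so they do not appear in `ps` output or shell history.
pub fn build_exec(program: &str, args: &[&str], keys: &[(String, String)]) -> Command {
    let mut cmd = Command::new(program);
    cmd.args(args);
    for (name, value) in keys {
        cmd.env(name, value);
    }
    cmd
}

fn main() {
    // Constructed sample store; the value is a placeholder, not a real key.
    let store = HashMap::from([("OPENAI_API_KEY", "sk-placeholder-not-a-real-key")]);

    // 1. Raw output path: refused unless a human terminal is attached.
    match guard_raw_output(std::io::stdout().is_terminal()) {
        GuardDecision::Allow => println!("stdout is a TTY; a raw `get` would be allowed"),
        GuardDecision::RefuseNotATty => {
            eprintln!("refusing to print a raw key: stdout is not a terminal (use exec instead)")
        }
    }

    // 2. Exec path: the child sees the key in its environment; this process prints nothing.
    let keys = lookup_keys(&store, &["OPENAI_API_KEY"]).expect("key lookup failed");
    let status = build_exec(
        "sh",
        &["-c", "test -n \"$OPENAI_API_KEY\" && echo 'child: key present in env'"],
        &keys,
    )
    .status()
    .expect("failed to spawn child");
    std::process::exit(status.code().unwrap_or(1));
}
```

Run it interactively and the guard allows raw output; pipe it (`cargo run | cat`) and the guard refuses, which is the check that stops a non-interactive caller from harvesting the key while the `exec` path still works for it. The child only ever learns the key through its environment, never through its argument list.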

