Good point. You would need to inject the secrets in an inaccessible part of the pipeline, like an external proxy.

Like Deno Sandbox: https://deno.com/deploy/sandbox

Tailscale's new Aperture also solves this elegantly: https://aperture.tailscale.com/

But that's moving the whole LLM agent into the cloud, which creates its own difficulties. Not really a solution to the local secrets problem.