How I Built Aegis — A Credential Isolation Proxy for AI Agents
Source: DEV Community
AI agents are getting really good at calling APIs. But the way we usually give them access — pasting raw API keys into config files, env vars, or MCP settings — is broken from a security perspective.

Stop putting API keys where AI agents can read them.

I built Aegis to help keep raw API keys out of AI agents. Aegis is a local-first credential isolation proxy that sits between your AI agent and the APIs it calls. The agent makes HTTP requests to localhost:3100/{service}/path, and Aegis injects the real credentials on the outbound request. The agent never sees, stores, or transmits the actual keys.

This post covers why I built it, the key architecture decisions, and what I learned along the way.

The Problem That Bothered Me

I was using Claude Desktop with a few MCP servers, and I noticed something that made me uncomfortable: every MCP server config had my API keys sitting in plaintext JSON. The Slack token, the GitHub PAT, the Stripe key — all right there in claude_desktop_config.json. A
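
The request rewriting described above (the agent calls localhost:3100/{service}/path and the proxy attaches the credential), shown as an added example that is not Aegis's own code. The service registry, the `.example` hosts, the placeholder secrets and the `build_outbound` name are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed registry: service name -> upstream origin, header, secret.
# Hosts and secrets are placeholders, not Aegis's real configuration.
SERVICES = {
    "github": {"origin": "https://api.github.example", "header": "Authorization",
               "value": "Bearer PLACEHOLDER_GITHUB_TOKEN"},
    "stripe": {"origin": "https://api.stripe.example", "header": "Authorization",
               "value": "Bearer PLACEHOLDER_STRIPE_KEY"},
}
# Headers the agent must never control on the outbound request.
STRIP = {"authorization", "proxy-authorization", "cookie", "x-api-key", "host"}


def build_outbound(target, agent_headers):
    """Map an agent request for /{service}/rest to (url, headers) for upstream."""
    parts = urlsplit(target)
    # Only origin-form targets: the agent may not name a scheme or host.
    if parts.scheme or parts.netloc:
        raise ValueError("absolute targets not allowed")
    segments = parts.path.split("/")
    if len(segments) < 2 or segments[0] != "" or not segments[1]:
        raise ValueError("expected /{service}/path")
    service, rest = segments[1], segments[2:]
    if service not in SERVICES:
        raise ValueError("unknown service")
    # Refuse dot segments so the forwarded path is exactly what was requested.
    if any(seg in (".", "..") for seg in rest):
        raise ValueError("dot segments not allowed")
    cfg = SERVICES[service]
    # The upstream origin comes from the registry, never from the request.
    url = cfg["origin"] + "/" + "/".join(rest)
    if parts.query:
        url += "?" + parts.query
    # Drop anything credential-like the agent sent, then inject the real one.
    headers = {k: v for k, v in agent_headers.items() if k.lower() not in STRIP}
    headers[cfg["header"]] = cfg["value"]
    return url, headers
```
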