The Klavex blog

Notes on secrets, shells, and AI agents.

Engineering deep-dives, security thinking, and practical guides on keeping environment variables off disk and out of your coding agents' reach.

Featured Jun 9, 2026 · 5 min read

Stop AI coding agents from reading your `.env` secrets

Cursor, Claude Code, and every MCP server in your editor can read your .env any time — there's no way to scope them down. The fix isn't hiding the file, it's not having one: import your .env in one command, then inject secrets into the process at runtime instead.

Read article

Jun 5, 2026 · 8 min read

Secrets managers for small teams: Doppler vs Infisical vs Klavex

An honest comparison: how simple each is to run, whether secrets ever touch disk, and what it costs as you grow.

Read article

Get new posts in your inbox

Occasional, technical, no spam. Security notes and engineering write-ups when we publish them.

Notes on secrets, shells, and AI agents.

Stop AI coding agents from reading your .env secrets

Secrets managers for small teams: Doppler vs Infisical vs Klavex

Get new posts in your inbox

Stop AI coding agents from reading your `.env` secrets