Remix.run Logo
bearjaws 6 hours ago

All of them are going to read your secrets, OpenCode does it too.

Reality is, I have seen agents read .env, bash history, keychain (if you let them), etc.

There is quite literally no way you are going to save off just your little secret somewhere it won't be able to read it, all software needs to read it ~eventually~

So it's best to sandbox and reset credentials frequently.