Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The 1pass CLI is great! However if you aren’t using 1password as your secrets vault, I’m building an open source, vault-agnostic alternative called RunSecret (https://github.com/runsecret/rsec)


You may want to do your own Show HN about it, so folks don't have to be "MCP curious" to find out that it exists

That said, given https://github.com/runsecret/rsec#aws-secrets-manager presumably in order to keep AWS credentials off disk one would then have to have this?

    "vantage-mcp-server": {
      "command": "/opt/homebrew/bin/aws-vault",
      "args": [
      "exec", "--region=us-east-1", "my-awesome-profile",
      "--", "/opt/homebrew/bin/rsec", "run",
      "--", "/opt/homebrew/bin/vantage-mcp-server"
      ],
      "env": {"VANTAGE_BEARER_TOKEN":  "rsec://012345678912/sm.aws/VantageBearerToken?region=us-east-1"}
    }
in contrast to the op binary that is just one level of indirection, since they already handshake with the desktop app for $(op login) purposes


This is great feedback, thank you!

I agree RunSecret adds a level of indirection at this stage that op doesn’t (if you are using 1pass). This is something I plan to polish up once more vaults are supported. You’ve given me some ideas on how to do that here.

And thanks for the advice on doing a Show HN, planning to do so once a few more rough edges are smoothed out.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: