Status: [LIVE] Endpoints found: https://api.anthropic.com/v1/messages Source: https://github.com/mmartinez/postern # Postern [](https://github.com/mmartinez/postern/actions/workflows/ci.yml) [](LICENSE) [](docs/providers.md) [](docs/providers.md) > **Your AI agents call authenticated APIs without ever holding the credentials.** Postern is a credential-brokering HTTPS proxy. Agents send requests with no API keys (or with harmless placeholders); postern matches the destination host against your rules, fetches the real secret from your **1Password or Bitwarden** vault at request time, and injects it on the way out. The agent only ever sees placeholders. **Works with [1Password](https://1password.com/) (Service Accounts) and [Bitwarden](https://bitwarden.com/products/secrets-manager/) Secrets Manager** — credential providers are [pluggable](docs/providers.md). **Why it matters:** an agent that can read a credential is a credential an attacker can exfiltrate through prompt injection or a compromised dependency. Brokering moves the secret out of the agent's reach entirely — the blast radius of a compromised agent no longer includes your API keys. ## See it Your agent makes a normal request through the proxy, with **no `Authorization` header**: ```sh curl -x http://localhost:1701 \ https://api.anthropic.com/v1/messages \ -d '{ "model": "claude-sonnet-4-6", "messages": [ ... ] }' # ↑ no API key anywhere in the agent's environment or request ``` Postern matches `api.anthropic.com`, resolves `bw://…`/`op://…` from your vault, injects the key, and forwards the now-authenticated request. The upstream sees a valid call; the agent never touched the secret. On any resolver error postern **fa