Stop Sharing API Keys! Announcing AgentVault v0.1.0 - Open Source Toolkit for Secure AI Agent Comms (A2A/MCP)

Apr 13, 2025 - 04:17

Hey Developers!

Anyone else feeling the API key fatigue? Every new AI model, every cool specialized agent seems to want your powerful (and expensive!) OpenAI, Anthropic, or other keys. Stashing them in .env files across projects feels messy, and sharing them with third-party agent services feels... well, risky. On top of that, getting different agents to actually talk to each other consistently is still like the wild west.

That's exactly why I started building AgentVault! It's my attempt to bring some structure, security, and interoperability to this space, and I'm excited to share the first release (v0.1.0) as an open-source project.

GitHub: https://github.com/SecureAgentTools/AgentVault
Core Library on PyPI: pip install agentvault

The Core Idea: Decentralize Keys, Standardize Talk

AgentVault is built on a few key principles:

  1. Your Keys Stay Local: Your primary, high-value API keys never leave your machine. The system is designed so you manage them locally, and they aren't uploaded or exposed to a central service.
  2. Standardized Communication (A2A & MCP): Interactions are based on the concepts emerging in the Agent-to-Agent (A2A) protocol for task lifecycle and messaging, combined with the Model Context Protocol (MCP) for passing structured context between your client and the agent.
  3. Open Discovery (Metadata Only): A central registry allows developers to publish "Agent Cards" (metadata describing their agent's capabilities, endpoint, and its own required auth), but the registry only handles this metadata. No keys, no execution logic.
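To make principle 3 concrete, here is an added example (my own code, not part of AgentVault or its registry) of a publish-side check that enforces "metadata only": it accepts a card that names its endpoint, capabilities and the auth scheme it requires, and refuses a card that carries an actual credential or a plaintext endpoint. The card layout, field names, regexes and the two sample cards are assumptions constructed for illustration, not the AgentVault schema.

```python
"""Metadata-only Agent Card check (added example; constructed card layout)."""
import json
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Key names that suggest the field holds a credential instead of describing one.
SECRET_KEY_NAMES = re.compile(r"(api[_-]?key|secret|token|password)$", re.I)
# Value shapes typical of real credentials: vendor-style prefixes or long opaque strings.
SECRET_VALUE_SHAPES = re.compile(r"^(sk-|ghp_|AKIA)[A-Za-z0-9_\-]{8,}$|^[A-Za-z0-9_\-]{40,}$")
# Auth schemes a card may *name*; the client supplies the matching local key later.
ALLOWED_AUTH_SCHEMES = {"none", "apiKey", "bearer", "oauth2"}


@dataclass
class CardCheck:
    name: str
    url: str
    auth_scheme: str
    problems: list = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.problems


def _string_leaves(obj, path=""):
    """Yield (path, key, value) for every string leaf in a nested JSON object."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, str):
                yield child, key, value
            else:
                yield from _string_leaves(value, child)
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from _string_leaves(value, f"{path}[{i}]")


def validate_agent_card(raw_json: str) -> CardCheck:
    """Parse a card and collect every reason it should not be published."""
    data = json.loads(raw_json)
    problems = []
    for required in ("name", "url", "capabilities", "authentication"):
        if required not in data:
            problems.append(f"missing required field: {required}")

    url = str(data.get("url", ""))
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.netloc:
        problems.append(f"endpoint must be an absolute https URL, got {url!r}")

    auth = data.get("authentication") or {}
    scheme = str(auth.get("scheme", "")) if isinstance(auth, dict) else ""
    if scheme not in ALLOWED_AUTH_SCHEMES:
        problems.append(f"unknown or missing auth scheme {scheme!r}")

    # Metadata only: a card may say "apiKey in header X-Agent-Key", but never carry the key.
    for path, key, value in _string_leaves(data):
        if SECRET_KEY_NAMES.search(key) or SECRET_VALUE_SHAPES.match(value):
            problems.append(f"field {path} looks like a credential; cards carry no secrets")

    return CardCheck(str(data.get("name", "")), url, scheme, problems)


# Constructed sample cards (not real agents).
GOOD_CARD = json.dumps({
    "name": "lint-agent",
    "description": "Runs a linter over submitted code snippets",
    "url": "https://lint.agent.example/a2a",
    "capabilities": {"streaming": True},
    "authentication": {"scheme": "apiKey", "header": "X-Agent-Key"},
})

BAD_CARD = json.dumps({
    "name": "leaky-agent",
    "url": "http://leaky.agent.example/a2a",
    "capabilities": {"streaming": False},
    "authentication": {"scheme": "apiKey", "header": "X-Agent-Key",
                       "apiKey": "sk-constructed-0123456789abcdef"},
})

if __name__ == "__main__":
    for label, card in (("good", GOOD_CARD), ("bad", BAD_CARD)):
        result = validate_agent_card(card)
        print(label, "publishable" if result.ok else result.problems)
```

The value-shape regex is deliberately coarse: it is there to catch the common accident (pasting a live key into a "how to authenticate" block), not to be a complete secret scanner, and a registry would still want rate limits and ownership checks on top of it.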

What's in v0.1.0?

This initial release provides the foundational pieces:

  1. agentvault (Python Library): The heart of the system (pip install agentvault).

    • KeyManager: A utility class to securely load API keys from environment variables, .env/.json files, or your OS keyring (via keyring integration - pip install agentvault[os_keyring]). It handles the loading priority so your app code doesn't have to.
    • AgentVaultClient: An httpx-based async client implementing the client-side logic for the A2A protocol (based on current drafts/understandings). It handles initiating tasks, sending/receiving messages (including SSE streaming for updates), checking status, and terminating tasks.
    • A2A/MCP Models: Pydantic models defining the structure of Agent Cards, A2A messages/events, and basic MCP context embedding.
    • agent_card_utils: Helpers for parsing and fetching Agent Card JSON.
  2. agentvault-registry (Backend API):

    • A FastAPI application (using AsyncPG, SQLAlchemy, Alembic) that serves as the discovery registry.
    • Provides REST endpoints for developers (authenticated via registry-specific keys) to submit/manage Agent Cards and public endpoints for anyone to list/search/retrieve card metadata.
    • Live Dev Instance: A free-tier instance is running at https://agentvault-registry-api.onrender.com. Note: It spins down after inactivity and the first request might take ~30-50s to wake it up! Use it for testing discovery.
  3. agentvault-cli (Reference CLI):

    • A command-line tool built with Click/Rich that uses the agentvault library.
    • Demonstrates key management (config set/get/list), agent discovery via the registry (discover), and running tasks on remote agents (run). (Currently installable from source via the repo).
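The KeyManager bullet above describes a fixed loading priority across environment variables, .env/.json files and the OS keyring. As an added example (my own code, not AgentVault's KeyManager or its API), here is a resolver that models that idea and also shows the one place a resolved key should ever surface: an outgoing request header. The env-var naming convention, file formats, the keyring callback and all key values are assumptions; the real keyring package is not imported so the example runs anywhere.

```python
"""Layered local key resolution (added example; not the agentvault KeyManager)."""
import json
import os
import tempfile
from pathlib import Path
from typing import Callable, Optional


def _parse_dotenv(path: Path) -> dict:
    """Minimal .env reader: KEY=VALUE lines, '#' comments, optional quotes."""
    values = {}
    if not path.is_file():
        return values
    for line in path.read_text(encoding="utf-8").splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values


class LocalKeyResolver:
    """Resolve a service's key from local sources only, in a fixed order:
    process environment, then .env file, then JSON file, then keyring callback."""

    def __init__(self, env_file: Optional[Path] = None, json_file: Optional[Path] = None,
                 keyring_lookup: Optional[Callable[[str], Optional[str]]] = None,
                 environ: Optional[dict] = None):
        self.env_file = env_file
        self.json_file = json_file
        # For a real OS keyring this could be functools.partial(keyring.get_password, "agentvault");
        # a plain callable keeps the example dependency-free.
        self.keyring_lookup = keyring_lookup
        self.environ = os.environ if environ is None else environ

    @staticmethod
    def env_name(service: str) -> str:
        """Naming convention assumed for this example: 'openai' -> OPENAI_API_KEY."""
        return f"{service.upper().replace('-', '_')}_API_KEY"

    def get(self, service: str) -> Optional[tuple]:
        """Return (key, source) from the first source that has it, or None."""
        name = self.env_name(service)
        if self.environ.get(name):
            return self.environ[name], "env"
        if self.env_file is not None:
            found = _parse_dotenv(self.env_file).get(name)
            if found:
                return found, "dotenv"
        if self.json_file is not None and self.json_file.is_file():
            # The JSON file is keyed by plain service name, e.g. {"openai": "..."}.
            found = json.loads(self.json_file.read_text(encoding="utf-8")).get(service)
            if found:
                return found, "json"
        if self.keyring_lookup is not None:
            found = self.keyring_lookup(service)
            if found:
                return found, "keyring"
        return None

    def auth_header(self, service: str, header: str = "Authorization") -> dict:
        """The one place the key should appear: an outgoing request header."""
        resolved = self.get(service)
        if resolved is None:
            raise KeyError(f"no local key configured for {service!r}")
        return {header: f"Bearer {resolved[0]}"}


def redact(key: str) -> str:
    """Log-safe form of a key: never more than the last four characters."""
    return "****" + key[-4:] if len(key) > 8 else "****"


def demo() -> dict:
    """Write constructed config files to a temp dir and show which source wins."""
    tmp = Path(tempfile.mkdtemp())
    (tmp / ".env").write_text('ANTHROPIC_API_KEY="dotenv-constructed-key-1234"\n', encoding="utf-8")
    (tmp / "keys.json").write_text(
        json.dumps({"anthropic": "json-constructed-key-0000", "lint-agent": "json-constructed-key-5678"}),
        encoding="utf-8")
    resolver = LocalKeyResolver(
        env_file=tmp / ".env",
        json_file=tmp / "keys.json",
        keyring_lookup=lambda svc: "ring-constructed-key-9999" if svc == "openai" else None,
        environ={"OPENAI_API_KEY": "env-constructed-key-0000"},  # env beats the keyring entry
    )
    return {svc: resolver.get(svc) for svc in ("openai", "anthropic", "lint-agent", "missing")}


if __name__ == "__main__":
    for service, result in demo().items():
        print(service, "->", (redact(result[0]), result[1]) if result else "not configured")
```

Returning the source alongside the key is deliberate: when a key is unexpectedly present (or absent), the first question in an incident is "where did this value come from?", and the resolver answers it without ever logging the key itself.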

Enabling Multi-Agent Systems?

While AgentVault doesn't provide agents or orchestration logic itself, it lays the groundwork for building more complex systems securely. Imagine a coding assistant:

  • The main tool (e.g., an IDE extension) uses agentvault's KeyManager to access the user's local OpenAI key.
  • It discovers specialized agents (code gen, testing, linting) via the agentvault-registry.
  • It uses AgentVaultClient to interact with each agent via the standard A2A protocol.
  • It passes code snippets, file context, or results from one agent to another using MCP embedded in A2A messages.

AgentVault handles the secure key loading and the standardized communication plumbing, letting developers focus on the agent capabilities and orchestration logic.

It's Early Days - Feedback Needed!

This is v0.1.0, so expect rough edges and evolving protocols! I'd be incredibly grateful for feedback from the community:

  • Does the KeyManager approach solve a real problem for you?
  • Is the AgentVaultClient API intuitive for A2A interactions?
  • How well does the implementation align with your understanding or needs for A2A/MCP?
  • What's missing? What would make this more useful for building or using agents?

Check out the repository, give it a star if it looks interesting, try out the library or CLI (using the live registry or the included mock server example), and please open issues or discussions with your thoughts!

GitHub: https://github.com/SecureAgentTools/AgentVault

Thanks for reading! Let's build a more secure and interoperable AI agent future together.