secret
NAME
secret — manage credentials for the fetch proxy and mount backends
SYNOPSIS
secret set <name> [<value>] --domain <patterns>
secret list
secret delete <name>
secret test <name> <url>
secret edit
DESCRIPTION
The secret command stores credentials that the fetch proxy and mount backends use to authenticate outgoing requests. Secrets are key–value pairs bound to one or more domain patterns. When the fetch proxy sends a request to a matching domain, the secret value is injected server-side into the request headers — the agent never sees the actual secret value. This design keeps credentials out of LLM context while allowing seamless authenticated access to APIs and S3-compatible storage.
Each secret has three components: a name (the lookup key), a value (the credential itself, hidden from agents), and a domain list (which hosts the secret is allowed to be sent to).
CLI MODE
When SLICC runs as a node-server or swift-server, secrets are stored outside the browser. Two backends are supported:
- macOS Keychain (swift-server) — each secret is a generic password in the ai.sliccy.slicc service. The comment field (-j) holds the comma-separated domain list.
- Environment file (node-server) — secrets live in ~/.slicc/secrets.env. Each secret occupies two lines: NAME=value and NAME_DOMAINS=pattern1,pattern2.
In CLI mode, secret set and secret delete print instructions for editing the underlying store rather than writing directly. Changes are picked up on the next request (env file) or immediately (Keychain).
EXTENSION MODE
When SLICC runs as a Chrome MV3 extension, secrets are stored in chrome.storage.local. The secret set command writes directly — no manual editing needed. Two storage keys are created per secret: NAME (the value) and NAME_DOMAINS (comma-separated patterns).
The secret edit subcommand opens the Mount Secrets options page, a form UI where secrets can be managed without typing values into the shell. This is the recommended way to enter credentials in extension mode.
DOMAIN PATTERNS
The --domain flag accepts a comma-separated list of patterns that control which outgoing requests may carry a given secret. The fetch proxy checks the request's hostname against the secret's domain list before injecting the value.
Pattern types:
- Exact match — e.g. api.github.com. Only requests to that exact hostname receive the secret.
- Wildcard — e.g. *.github.com. Matches any subdomain of github.com (but not github.com itself). The wildcard must appear at the leftmost position.
Multiple patterns can be combined: --domain "api.github.com,*.github.com" matches both the API host and any subdomain of github.com.
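The matching rules above, applied to the two-line env-file layout from CLI MODE, as an added example that is not SLICC's own code. The function names, case-insensitive comparison, multi-level subdomain matching, and treating a secret with no NAME_DOMAINS line as matching nothing are assumptions.

```javascript
// Added example (not SLICC source); function names and fail-closed choices are assumptions.
// Constructed sample in the two-lines-per-secret layout of ~/.slicc/secrets.env.
const SAMPLE_ENV = [
  'GITHUB_TOKEN=ghp_xxxxxxxxxxxx',
  'GITHUB_TOKEN_DOMAINS=api.github.com,*.github.com',
  'OPENAI_API_KEY=sk-constructed',
  'OPENAI_API_KEY_DOMAINS=api.openai.com',
  'ORPHAN=value-without-a-domains-line',
].join('\n');

// Parse NAME=value / NAME_DOMAINS=p1,p2 pairs into Map<name, {value, domains}>.
function parseSecretsEnv(text) {
  const raw = new Map();
  for (const line of text.split('\n')) {
    const eq = line.indexOf('=');
    if (eq <= 0 || line.trim().startsWith('#')) continue;
    raw.set(line.slice(0, eq).trim(), line.slice(eq + 1).trim());
  }
  const secrets = new Map();
  for (const [key, value] of raw) {
    if (key.endsWith('_DOMAINS')) continue;
    const list = raw.get(`${key}_DOMAINS`) ?? ''; // no domain line: matches nothing
    const domains = list.split(',').map((p) => p.trim().toLowerCase()).filter(Boolean);
    secrets.set(key, { value, domains });
  }
  return secrets;
}

// Exact pattern: hostname must be identical. Wildcard: "*." only at the far left,
// matching any subdomain of the base but never the base itself.
function hostMatches(pattern, hostname) {
  const pat = pattern.toLowerCase();
  const host = hostname.toLowerCase();
  if (!pat.includes('*')) return host === pat;
  const base = pat.slice(2);
  if (!pat.startsWith('*.') || base === '' || base.includes('*')) return false;
  // The leading dot stops look-alikes such as notgithub.com from matching *.github.com.
  return host.endsWith(`.${base}`) && host.length > base.length + 1;
}

// Same decision `secret test <name> <url>` reports: would this secret be injected?
function wouldInject(secrets, name, url) {
  const secret = secrets.get(name);
  if (!secret) return false;
  let hostname;
  try { hostname = new URL(url).hostname; } catch { return false; }
  return secret.domains.some((p) => hostMatches(p, hostname));
}
```

With this sample, a request to https://github.com/ does not receive GITHUB_TOKEN, because neither pattern covers the bare domain; it would need github.com listed explicitly.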
S3 PROFILES
S3 and S3-compatible mount backends (AWS, Cloudflare R2, MinIO) read credentials from profile-namespaced secrets following the convention s3.<profile>.<field>. The --profile flag on mount selects which set of keys to use (defaults to default).
Required fields:
- s3.<profile>.access_key_id — the AWS access key ID or equivalent
- s3.<profile>.secret_access_key — the AWS secret access key or equivalent
Optional fields:
- s3.<profile>.region — AWS region (default: us-east-1)
- s3.<profile>.endpoint — custom endpoint URL for R2, MinIO, etc.
- s3.<profile>.session_token — STS session token for temporary credentials
- s3.<profile>.path_style — set to true for path-style addressing (some R2/MinIO setups require this)
COMMANDS
secret set <name> [<value>] --domain <patterns>
Store a secret bound to the given domain patterns. In extension mode, <value> is required and the secret is written immediately to chrome.storage.local. In CLI mode, <value> is omitted and instructions for editing the underlying store are printed instead.
secret list
List all stored secrets. Displays names and domain patterns in a tabular format. Secret values are never shown.
secret delete <name>
Remove a secret. In extension mode, removes the entry from chrome.storage.local immediately. In CLI mode, prints instructions for manual removal.
secret test <name> <url>
Check whether a secret's domain patterns match a given URL. Exits 0 with a checkmark if the secret would be injected into a request to that URL, or exits 1 if not. Useful for debugging domain pattern configuration.
secret edit
In extension mode, opens the Mount Secrets options page — a form-based UI for managing secrets without typing values into the shell. In CLI mode, advises you to edit ~/.slicc/secrets.env directly.
SECURITY MODEL
The agent (LLM) can invoke secret list and secret test to discover which secrets exist and which domains they cover. It cannot read secret values — they are never returned from storage to the shell. Values are injected server-side (or in the service worker in extension mode) into outgoing fetch requests that match the secret's domain patterns.
This means an agent can configure mounts and diagnose connectivity issues by name and domain, but a compromised or misbehaving agent cannot exfiltrate credentials.
EXAMPLES
GitHub personal access token
# Extension mode — stores immediately
secret set GITHUB_TOKEN ghp_xxxxxxxxxxxx --domain "api.github.com,*.github.com"
# CLI mode — prints Keychain / env-file instructions
secret set GITHUB_TOKEN --domain "api.github.com,*.github.com"
AWS S3 (default profile)
secret set s3.default.access_key_id AKIAIOSFODNN7EXAMPLE --domain "*.amazonaws.com"
secret set s3.default.secret_access_key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY --domain "*.amazonaws.com"
secret set s3.default.region us-west-2 --domain "*.amazonaws.com"
mount --source s3://my-bucket /mnt/s3
Cloudflare R2
secret set s3.r2.access_key_id ... --domain "*.r2.cloudflarestorage.com"
secret set s3.r2.secret_access_key ... --domain "*.r2.cloudflarestorage.com"
secret set s3.r2.endpoint https://abc123.r2.cloudflarestorage.com --domain "*.r2.cloudflarestorage.com"
secret set s3.r2.path_style true --domain "*.r2.cloudflarestorage.com"
mount --source s3://my-r2-bucket --profile r2 /mnt/r2
Custom API key
secret set OPENAI_API_KEY sk-... --domain "api.openai.com"
secret test OPENAI_API_KEY https://api.openai.com/v1/chat/completions
# ✓ OPENAI_API_KEY is allowed for api.openai.com
Verifying configuration
secret list
# NAME                       DOMAINS
# GITHUB_TOKEN               api.github.com, *.github.com
# s3.r2.access_key_id        *.r2.cloudflarestorage.com
# s3.r2.secret_access_key    *.r2.cloudflarestorage.com
# ...
secret test s3.r2.access_key_id https://abc123.r2.cloudflarestorage.com/bucket/key
# ✓ s3.r2.access_key_id is allowed for abc123.r2.cloudflarestorage.com