agent-keyhole/keyhole.yaml.sample at master · darrylhansen/agent-keyhole · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# Keyhole configuration — keyhole.yaml
# See: docs/keyhole-overview.md for architecture details
# See: docs/keyhole-secret-runbook.md for secret management
#
# Each service entry maps a domain to a credential stored in the vault.
# khurl and the HTTP interceptor use this to inject credentials automatically.

services:
  # ─── Example: GitHub API ───
  # github:
  #   domains:
  #     - api.github.com
  #   auth:
  #     type: bearer
  #     secret_ref: github-token
  #   sdk_env:
  #     GITHUB_TOKEN: "{{placeholder}}"
  #   response_masking:
  #     patterns:
  #       - "ghp_[a-zA-Z0-9]{36}"
  #     json_paths:
  #       - "$.token"

  # ─── Example: OpenAI API ───
  # openai:
  #   domains:
  #     - api.openai.com
  #   auth:
  #     type: bearer
  #     secret_ref: openai-key
  #   sdk_env:
  #     OPENAI_API_KEY: "{{placeholder}}"
  #   response_masking:
  #     patterns:
  #       - "sk-[a-zA-Z0-9]{48}"

  # ─── Example: Anthropic API ───
  # anthropic:
  #   domains:
  #     - api.anthropic.com
  #   auth:
  #     type: bearer
  #     secret_ref: anthropic-key
  #   headers:
  #     anthropic-version: "2023-06-01"
  #   sdk_env:
  #     ANTHROPIC_API_KEY: "{{placeholder}}"

  # ─── Example: Slack API ───
  # slack:
  #   domains:
  #     - slack.com
  #     - api.slack.com
  #   auth:
  #     type: bearer
  #     secret_ref: slack-token
  #   sdk_env:
  #     SLACK_BOT_TOKEN: "{{placeholder}}"

  # ─── Example: Pass-through (no credential injection) ───
  # public-web:
  #   domains:
  #     - "*.githubusercontent.com"
  #   passthrough: true

# ─── Multi-agent access control (optional) ───
# agents:
#   content-bot:
#     services: [github, openai]
#   coding-bot:
#     services: [github, openai, anthropic]