A local proxy hands your agent a fake DSN, never the real credential.
The real one swaps in only on the way out, never in context or logs.
How it works
Instead of a real connection string, your agent gets a DSN or token pointing at localhost, the address of the local proxy.
The agent dials localhost exactly like it would dial the real database or service. Cloak is the only thing listening there.
Cloak opens the actual connection to the destination and substitutes the real credential, transparently, never touching agent context or logs.
Same query, one line of difference
The real password sits in plaintext, in every prompt, log line, and trace the agent produces.
Cloak swaps in the real password only on the way out. The agent, and everything it writes, never sees it.
Built for credential isolation, not access policy
Cloak runs alongside your agent process. No service to deploy, no infrastructure to stand up.
The real DSN and credential never enter the agent’s prompt, memory, or logs, only the local proxy ever holds them.
Cloak keeps the credential out of the agent’s reach. It doesn’t enforce access rules or audit what runs, that’s a separate concern.
Need this enforced across your whole fleet, with policy and audit too?
hoop is the same credential-isolation proxy, running centrally, with access policy, data masking, and full audit logs across every agent and every protocol.