personal lab / renos.tk archive

opencode-secret-tools

Configurable secret bridge plugin for OpenCode

Bridges arbitrary CLI password managers (rbw, 1Password, gopass) into OpenCode sessions with a synchronous post-execution redaction hook that scrubs secret values from all LLM-visible output via in-memory string substitution.

created: 20/05/2026
updated: 21/05/2026

> notes

If your OpenCode agent ever touches CLI-based secret stores like rbw, 1Password CLI, or gopass, this is for you.

What it is

opencode-secret-tools is a plugin that gives OpenCode access to your local secret vault without leaking values into the LLM context.

It provides three tools: list_secrets, get_secret, and clear_secret. When you pull a secret, the value is injected into process.env where your tools can use it. A post-execution hook then redacts every tracked value from all tool outputs before they reach the model.

Why I built it

Earlier, I had my secrets injected into environment variables through a shell script that ran before OpenCode started. It seemed fine until a model decided to read that script file into context, unprompted. Every key, every token, right in the prompt. I had to rotate everything.

So I decided to build a plugin that provides tooling for this very specific reason: load secrets on demand, inject them into the environment, and make sure their values never surface in LLM context no matter what the model tries to read.

How it works

You point it at your vault CLI with a listCmd and a getCmd. That is it. No new tool, no extra daemon. It shells out to whatever you already use, returns secret names through list_secrets, and fetches values on demand through get_secret. Values shorter than four characters are never redacted, to avoid false positives on common short tokens.
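The redaction hook described above, as an added JavaScript example that is not the plugin's own code: it tracks values as they are injected into process.env, skips anything shorter than four characters, and substitutes longer values first so one secret that is a prefix of another cannot leave a fragment behind. The OpenCode hook wiring, the `[REDACTED:name]` marker, and keeping a cleared value on the redaction list are assumptions.

```javascript
// Added example (not the plugin's own code): the redaction logic as a
// standalone Node.js module. The OpenCode hook wiring is omitted; in the
// plugin, redact() would run on tool output before it reaches the model.
const MIN_REDACT_LENGTH = 4; // values shorter than this are never redacted

class SecretRedactor {
  constructor() {
    this.tracked = new Map(); // secret name -> plaintext value
  }

  // get_secret: expose the value to tools via process.env and remember it
  // so every later tool output can be scrubbed.
  inject(name, value) {
    process.env[name] = value;
    this.tracked.set(name, value);
  }

  // clear_secret: drop the value from the environment. Assumption: it stays
  // on the redaction list so output that still contains it is scrubbed.
  clear(name) {
    delete process.env[name];
  }

  // Replace every literal occurrence of each tracked value, longest first.
  // Literal matching only: an encoded copy of the value (base64, URL-encoded,
  // split across lines) is not caught by this substitution.
  redact(text) {
    const candidates = [...this.tracked.entries()]
      .filter(([, value]) => value.length >= MIN_REDACT_LENGTH)
      .sort((a, b) => b[1].length - a[1].length);
    let out = text;
    for (const [name, value] of candidates) {
      out = out.split(value).join(`[REDACTED:${name}]`);
    }
    return out;
  }
}

// Constructed sample tool output with made-up values (no real credentials).
function demo() {
  const redactor = new SecretRedactor();
  redactor.inject("API_TOKEN", "sk-live-abcdef123456");
  redactor.inject("API_PREFIX", "sk-live"); // substring of API_TOKEN
  redactor.inject("PIN", "42");             // too short, never redacted
  const toolOutput =
    "curl -H 'Authorization: Bearer sk-live-abcdef123456' https://example.test?pin=42";
  return redactor.redact(toolOutput);
}
```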