Long-form writing on AI agent security, secrets management architecture, and the Claude Code threat model.https://claulock.com/https://claulock.com/blog/secure-claude-in-production/https://claulock.com/blog/secure-claude-in-production/A practical, end-to-end guide: identity and scoping, never-reveal secrets, tool surface discipline, prompt injection, execution isolation, supply chain, audit, and a concrete incident runbook. Pillar post, ecosystem-neutral where possible.Tue, 21 Apr 2026 00:00:00 GMTJesús E. Vierahttps://claulock.com/blog/vault-vs-claulock/https://claulock.com/blog/vault-vs-claulock/HashiCorp Vault is the best secrets infrastructure the services era produced — and it's the wrong shape for agents. A technical walkthrough of where the fit breaks, why the natural retrofits leak, and how the two tools coexist.Tue, 21 Apr 2026 00:00:00 GMTJesús E. Vierahttps://claulock.com/blog/agent-secrets-category/https://claulock.com/blog/agent-secrets-category/A new infrastructure category is forming at the intersection of secrets management and AI agents. Naming it, mapping it, and separating it from the adjacent categories it gets confused with.Tue, 21 Apr 2026 00:00:00 GMTJesús E. Vierahttps://claulock.com/blog/claude-secrets-manager/https://claulock.com/blog/claude-secrets-manager/Why API keys end up in transcripts when you pair Claude Code with the usual secret-handling patterns, and what it takes to make the leak impossible instead of unlikely.Tue, 21 Apr 2026 00:00:00 GMTJesús E. Vierahttps://claulock.com/blog/env-is-dead/https://claulock.com/blog/env-is-dead/.env files solved a problem from 2011. The AI-agent threat model broke every assumption they were built on — here is what replaces them.Tue, 21 Apr 2026 00:00:00 GMTJesús E. Viera