Quickstart
Set up a project and run your first sealed command in under five minutes
Installation
Install ironrun on Linux, macOS, or Windows using curl, Go, or npm
How It Works
Understand the airgap model, output redaction, and trust architecture
Agent Setup
Connect ironrun to Claude Code, Cursor, or Codex via MCP
The problem ironrun solves
AI coding agents run shell commands on your machine, and some of those commands print secrets:How it works
1
Install ironrun
Download the binary and add it to your PATH.
2
Run setup in your project
ironrun detects your stack, creates an encrypted environment, and wires up your AI agent automatically.
3
Start your agent
Launch Claude Code, Cursor, or Codex. The agent uses
run_sealed instead of raw shell commands — and never sees secret values.Key capabilities
Policy File
Define approved commands and bind them to secret references in a single YAML file
Secret Providers
Pull secrets from 1Password, Doppler, Infisical, HashiCorp Vault, or local envfiles
Trusted Sessions
Grant an agent a two-hour revocable session for normal development work
CI / GitHub Actions
Block fork PRs from accessing production secrets automatically
MCP Tools
Value-blind MCP tools: run_sealed, list_commands, propose_command, and more
Audit Log
Tamper-evident hash-chained log of every sealed execution