Skip to main content
ironrun is a local-first tool that lets AI coding agents run commands with live secrets — without ever seeing those secrets. It sits between the agent and every command it executes, injecting credentials at runtime and stripping them back out of all output before the agent reads the result.

Quickstart

Set up a project and run your first sealed command in under five minutes

Installation

Install ironrun on Linux, macOS, or Windows using curl, Go, or npm

How It Works

Understand the airgap model, output redaction, and trust architecture

Agent Setup

Connect ironrun to Claude Code, Cursor, or Codex via MCP

The problem ironrun solves

AI coding agents run shell commands on your machine, and some of those commands print secrets:
When an agent runs one of these commands — even while legitimately debugging — the secret value lands in the chat transcript, the model’s context window, and potentially the provider’s logs. ironrun adds the missing piece: secrets flow in to commands, but never flow back out to the agent.

How it works

1

Install ironrun

Download the binary and add it to your PATH.
2

Run setup in your project

ironrun detects your stack, creates an encrypted environment, and wires up your AI agent automatically.
3

Start your agent

Launch Claude Code, Cursor, or Codex. The agent uses run_sealed instead of raw shell commands — and never sees secret values.

Key capabilities

Policy File

Define approved commands and bind them to secret references in a single YAML file

Secret Providers

Pull secrets from 1Password, Doppler, Infisical, HashiCorp Vault, or local envfiles

Trusted Sessions

Grant an agent a two-hour revocable session for normal development work

CI / GitHub Actions

Block fork PRs from accessing production secrets automatically

MCP Tools

Value-blind MCP tools: run_sealed, list_commands, propose_command, and more

Audit Log

Tamper-evident hash-chained log of every sealed execution