request_secret — capsules let you encrypt the value before it ever enters the conversation transcript. You type the value into a masked terminal prompt, get back a short ciphertext that starts with ir1., and paste only that ciphertext into chat.
The problem capsules solve
A plaintext secret pasted directly into chat is in the model’s context window, may appear in the AI provider’s logs, and is written verbatim to local conversation history files — for example, Claude Code’s~/.claude/projects/<hash>/*.jsonl files. Once the value is there, it cannot be retroactively removed. Capsules keep the plaintext out of that path entirely.
How capsules work
1
Agent requests a secret
The agent calls the
request_secret MCP tool with a declared alias and a reason. It has no plaintext value field — only a reference.2
You create a capsule
3
You paste the ciphertext into chat
Paste only the
ir1. ciphertext. The plaintext value never enters the conversation.4
Agent claims the capsule
The agent passes the ciphertext to the
claim_capsule MCP tool. ironrun decrypts the value locally, stores it in the encrypted vault, and marks the capsule as consumed. The agent does not receive the plaintext.5
Capsule expires
If the capsule is not claimed within 10 minutes, it becomes unusable automatically.
Usage
share command also accepts capsule as an alias.
Example
ir1. line into chat. That is the only string your agent and the AI provider ever see.
Flags
share create
Override the capsule lifetime. The maximum is 10 minutes. Accepts Go duration strings such as
5m or 10m.