March 10, 2026
Who gave the bot our keys?
Secure Secrets Management for Cursor Cloud Agents
Dev panic over “leaky” cloud bots — Infisical says keep one key, fetch the rest
TLDR: Infisical’s plan: keep one small “machine identity” in Cursor and fetch all other secrets on the fly, avoiding long‑lived tokens and frozen snapshots. The top reaction warned the risk is baked in regardless, sparking a debate between safety‑first guardrails and fears of “one key to rule them all.”
Commenters went full alarm-bell mode after Infisical dropped a guide on locking down secrets for Cursor Cloud Agents—those cloud helpers that spin up a fresh temporary computer for each task and need passwords, tokens, and keys to talk to your tools. Cursor’s built‑in Secrets panel helps a little, but critics say it doesn’t rotate keys, track access, or prevent those keys from getting baked into snapshots or files that live forever. Infisical’s pitch: keep only a tiny “machine identity” key in Cursor, and pull everything else at runtime so real secrets never sit in the agent’s storage. Cleaner, safer, less oops.
The mood? Spicy. One top take called out the elephant in the server room: risk exists whether you’re careful or not—every new agent is a fresh doorway. Security folks cheered the “reduce the blast radius” approach; skeptics side‑eyed the “one key to unlock all the keys” vibe and muttered about vendor lock‑in. Meanwhile, the memes practically wrote themselves: keys under the doormat, the “AI intern with root access,” and the Russian‑nesting‑dolls of keys to get more keys. Fans argued this is practical guardrails for real teams; haters grumbled it’s just moving trust around. Either way, the comment section turned a how‑to into a showdown over convenience vs. caution—and Infisical leaned hard into the “don’t store secrets on the robot” gospel.
Key Points
- Cursor Cloud Agents launch isolated Ubuntu VMs from snapshots, clone repos, and follow install/start lifecycle steps defined in .cursor/environment.json.
- The built-in Cursor Secrets UI supports basic env var injection but lacks rotation, auditing, and granular access isolation.
- Security risks include secrets baked into VM snapshots, hardcoded values in environment configs, no audit trail, and long-lived credentials.
- Infisical recommends storing only machine identity credentials in Cursor and fetching all other secrets from Infisical at runtime.
- Implementation uses Infisical’s Universal Auth and infisical run in the start script to inject secrets as environment variables into running processes.
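As an added example (not code from Infisical’s guide or Cursor’s documentation), here is a start script that the start step in .cursor/environment.json could call: it refuses to run if Cursor Secrets injected anything beyond the machine identity or if a credential is hardcoded in the config, then trades the Universal Auth identity for a short-lived token and launches the app under infisical run. The variable names INFISICAL_CLIENT_ID, INFISICAL_CLIENT_SECRET, INFISICAL_PROJECT_ID and INFISICAL_ENV, the script path, CURSOR_START and npm start are assumptions, and the infisical CLI flags are the ones the Infisical CLI documents, not values taken from this page.

```shell
#!/bin/sh
# Added example, not Infisical's or Cursor's own code. The "start" step in
# .cursor/environment.json would call it as "start": "CURSOR_START=1 ./scripts/start.sh".
# Assumed: Cursor Secrets injects only INFISICAL_CLIENT_ID / INFISICAL_CLIENT_SECRET
# (the Universal Auth machine identity) and INFISICAL_PROJECT_ID / INFISICAL_ENV.
set -u

# The only names Cursor Secrets is allowed to inject: machine identity plus routing info.
ALLOWED_CURSOR_SECRETS="INFISICAL_CLIENT_ID INFISICAL_CLIENT_SECRET INFISICAL_PROJECT_ID INFISICAL_ENV"

# Fail if any other credential-looking variable reached the agent's environment.
# $1: whitespace-separated variable names, e.g. "$(env | cut -d= -f1)".
check_cursor_env() {
  rc=0
  for name in $1; do
    case " $ALLOWED_CURSOR_SECRETS " in
      *" $name "*) ;;                       # part of the machine identity: fine
      *) case "$name" in
           *KEY*|*SECRET*|*TOKEN*|*PASSWORD*)
             echo "refusing to start: $name belongs in Infisical, not Cursor Secrets" >&2
             rc=1 ;;
         esac ;;
    esac
  done
  return $rc
}

# Fail if environment.json hardcodes a literal credential in install/start/terminal commands;
# a value starting with $ (expanded at runtime) is accepted. $1: path to environment.json.
check_environment_json() {
  if grep -Eq '(KEY|SECRET|TOKEN|PASSWORD)[A-Z_]*=[^$ "\\]' "$1"; then
    echo "refusing to start: literal credential found in $1" >&2
    return 1
  fi
}

# Exchange the machine identity for a short-lived token, then run the app under
# `infisical run`, which fetches the project's secrets and injects them as env vars.
start_agent() {
  check_cursor_env "$(env | cut -d= -f1)" || return 1
  check_environment_json .cursor/environment.json || return 1
  INFISICAL_TOKEN="$(infisical login --method=universal-auth \
    --client-id="$INFISICAL_CLIENT_ID" --client-secret="$INFISICAL_CLIENT_SECRET" \
    --silent --plain)" || return 1
  export INFISICAL_TOKEN
  unset INFISICAL_CLIENT_SECRET   # the long-lived half is not needed by the app itself
  exec infisical run --projectId="$INFISICAL_PROJECT_ID" --env="$INFISICAL_ENV" -- npm start
}
if [ "${CURSOR_START:-0}" = "1" ]; then start_agent; fi
```

The two check functions can also be run on their own in CI against a repo’s .cursor/environment.json, before an agent ever boots from it.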