
What is Cordon by Codezero?

Cordon is a local Rust proxy that transparently intercepts outbound HTTP/HTTPS requests and injects API credentials from a secret store — 1Password or your OS keychain. Your applications never hold real secrets. They just make normal HTTP calls through the proxy.

No secrets in environment variables

Environment variables leak into logs, crash dumps, child processes, and ps output. Cordon injects credentials at the network layer instead.

No code changes required

Set HTTPS_PROXY and your existing HTTP client works. No additional SDKs, no secret-fetching boilerplate.

Easy HTTP credential rotation

Rotate an HTTP route secret in your secret store. The next request picks it up automatically — no restarts needed.

Bring your own vaults

Integrate directly with the native keychains, secrets managers and infrastructure you have already invested in.

Why no environment variables?

Environment variables are the most common way to pass secrets to applications, but they have significant drawbacks:
  1. Leak surface — env vars appear in /proc/<pid>/environ, ps eww, crash dumps, error reporters, and CI logs
  2. Inheritance — child processes inherit all env vars. A subprocess you didn’t write now has your API keys
  3. No audit trail — there’s no record of when an env var was read or by whom
  4. Rotation friction — changing a secret requires restarting all processes that use it
Cordon eliminates these issues by keeping secrets out of the process entirely. For HTTP routes, secrets are fetched per-request from the configured source, so rotation takes effect immediately with no process restarts needed. PostgreSQL services currently resolve credentials at startup and require a restart to pick up rotated values. Your application sees HTTPS_PROXY=http://127.0.0.1:6790 — a non-secret configuration value.
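
The inheritance and leak-surface points above can be checked directly. This added example (not Cordon's code) spawns a child process and lists the credential-looking variable names it can read, parsing the NUL-separated layout of /proc/<pid>/environ; EXAMPLE_API_KEY, its value and the name pattern are constructed assumptions.

```python
import os
import re
import subprocess
import sys

# Heuristic for names that usually hold credentials (assumption; tune it for your estate).
SECRET_NAME = re.compile(r"KEY|TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL", re.IGNORECASE)

# Child that dumps its environment in the NUL-separated KEY=VALUE layout
# used by /proc/<pid>/environ, so one parser covers both sources.
CHILD_DUMP = (
    "import os, sys\n"
    "sys.stdout.buffer.write(b'\\0'.join(\n"
    "    os.fsencode(k) + b'=' + os.fsencode(v) for k, v in os.environ.items()))\n"
)


def parse_environ(blob: bytes) -> dict:
    """Parse /proc/<pid>/environ content into a name -> value dict."""
    env = {}
    for entry in blob.split(b"\0"):
        name, sep, value = entry.partition(b"=")  # values may contain '='
        if sep and name:
            env[name.decode(errors="replace")] = value.decode(errors="replace")
    return env


def secret_like_names(env: dict) -> list:
    """Return the variable names that look like credentials."""
    return sorted(name for name in env if SECRET_NAME.search(name))


def names_inherited_by_child(extra: dict) -> list:
    """Spawn a subprocess and report the secret-like names it can read."""
    # Start from the current environment minus anything secret-like, so the
    # result reflects only what `extra` adds.
    env = {k: v for k, v in os.environ.items() if not SECRET_NAME.search(k)}
    env.update(extra)
    out = subprocess.run([sys.executable, "-c", CHILD_DUMP], env=env,
                         capture_output=True, check=True).stdout
    return secret_like_names(parse_environ(out))


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(names_inherited_by_child({"EXAMPLE_API_KEY": "constructed-not-a-real-key"}))
    print(names_inherited_by_child({"HTTPS_PROXY": "http://127.0.0.1:6790"}))
```

On Linux, the same `parse_environ` and `secret_like_names` functions can be pointed at the bytes of /proc/<pid>/environ for a process you own to audit what it was started with.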

How it works

1. Your app connects normally

Your app makes a normal API call or database connection. Cordon sits in the middle, transparent to your application.

2. Cordon matches the route

Cordon checks the destination hostname against your configured routes in cordon.toml.

3. Credentials are injected

Cordon injects the real credential from 1Password or the OS keyring. Your app doesn’t need to send any auth headers. Cordon adds them entirely. This works for HTTP APIs and database connections alike, but only HTTP routes currently fetch secrets just-in-time; PostgreSQL services resolve them at startup.

4. Request is forwarded

The request is forwarded to the upstream API over HTTPS with the injected credentials. Your app never sees the real secret.

Installation

Install cordon via npm

Quickstart

Get up and running in minutes