What is Cordon by Codezero?

Cordon is a local Rust proxy that transparently intercepts outbound HTTP/HTTPS requests and injects API credentials from a secret store — 1Password or your OS keychain. Your applications never hold real secrets. They just make normal HTTP calls through the proxy.

No secrets in environment variables

Environment variables leak into logs, crash dumps, child processes, and ps output. Cordon injects credentials at the network layer instead.

No code changes required

Set HTTPS_PROXY / HTTP_PROXY and most HTTP clients work. See the SDK and language compatibility guide for details.

Easy HTTP credential rotation

Rotate an HTTP route secret in your secret store. The next request picks it up automatically — no restarts needed.

Bring your own vaults

Integrate directly with the native keychains, secrets managers, and infrastructure you have already invested in.

How it works

1. Your app connects normally

Your app makes a normal API call or database connection. Cordon sits in the middle, transparent to your application.

2. Cordon matches the route

Cordon checks the destination hostname against your configured routes in cordon.toml.

3. Credentials are injected

Cordon injects the real credential from 1Password or the OS keyring. Your app doesn’t need to send any auth headers; Cordon adds them itself. This works for HTTP APIs and database connections alike, but only HTTP routes currently fetch secrets just-in-time; PostgreSQL services resolve them at startup.

4. Request is forwarded

The request is forwarded to the upstream API over HTTPS with the injected credentials. Your app never sees the real secret.
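
A model of steps 2 and 3 for HTTP routes, added here as an illustration and not Cordon's own code: the proxy matches the destination host, discards whatever auth header the app sent, and reads the secret at request time, so a rotated value is used on the next call. The `Route` fields, the `Bearer` scheme, exact-hostname matching, pass-through of unrouted hosts, and failing closed on a missing secret are assumptions of this example, not documented Cordon behaviour or the cordon.toml schema.

```rust
use std::collections::HashMap;

/// Hypothetical route entry: header to set and the secret-store key behind it.
pub struct Route { pub header: String, pub secret_ref: String }
pub type Headers = Vec<(String, String)>;

/// Lowercase the host and drop a port or trailing dot (host[:port] form assumed).
fn normalize(host: &str) -> String {
    let name = host.rsplit_once(':').map_or(host, |(h, _)| h);
    name.trim_end_matches('.').to_ascii_lowercase()
}

/// Returns the headers to forward upstream, or Err if the request must not be sent.
/// `store` stands in for the 1Password / OS keyring lookup and is read per request.
pub fn inject(
    routes: &HashMap<String, Route>,
    store: &HashMap<String, String>,
    host: &str,
    mut headers: Headers,
) -> Result<Headers, String> {
    // Exact hostname match: "api.example.test.evil.test" must never get the key.
    let route = match routes.get(&normalize(host)) {
        Some(r) => r,
        None => return Ok(headers), // no route: forward untouched, nothing injected
    };
    // Discard whatever the app sent for this header (e.g. a placeholder token).
    headers.retain(|(name, _)| !name.eq_ignore_ascii_case(&route.header));
    // Fail closed: a missing secret blocks the request instead of sending it bare.
    let secret = store
        .get(&route.secret_ref)
        .ok_or_else(|| format!("secret '{}' unavailable", route.secret_ref))?;
    headers.push((route.header.clone(), format!("Bearer {}", secret)));
    Ok(headers)
}

fn main() {
    // Constructed sample data: one route and one secret.
    let mut routes = HashMap::new();
    routes.insert("api.example.test".to_string(),
        Route { header: "Authorization".into(), secret_ref: "example-api-key".into() });
    let mut store = HashMap::new();
    store.insert("example-api-key".to_string(), "k1".to_string());
    let sent = vec![("Authorization".to_string(), "Bearer placeholder".to_string())];
    println!("{:?}", inject(&routes, &store, "API.example.test:443", sent.clone()));
    store.insert("example-api-key".to_string(), "k2".to_string()); // rotation
    println!("{:?}", inject(&routes, &store, "api.example.test", sent));
}
```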

Installation

Install cordon via npm

Quickstart

Get up and running in minutes