zlacker

[return to "Ask HN: How do you safely give LLMs SSH/DB access?"]
1. arjie+hT[view] [source] 2026-01-14 22:09:30
>>nico+(OP)
For the database, I use a read-only user. I also give it full R/W to a staging DB and the local dev DB. Even if it egresses that, nothing can happen.

SSH I just let it roll because it's my personal stuff. Both Claude and Codex will perform unholy modifications to your environment so I do the one bare thing of making `sudo` password-protected.

For the production stuff I use, you can create an appropriate read-only role. I occasionally let it use my role but it inevitably decides to live-create resources like `kubectl create pod << YAML` which I never want. It's fine because they'll still try and fail and prompt me.

◧◩
2. fhub+sW[view] [source] 2026-01-14 22:23:03
>>arjie+hT
Are you comfortable giving LLM read access to fields that have PII? Anything related to authentication? Is it allow-list of access or a deny-list?
[go to top]