OP isn't talking about giving agents credentials, that's a whole nother can of worms. And yes, agreed, don't do it. Some kind of additional layer is crucial.

Personally I don't like the proxy / MITM approach for that, because you're adding an additional layer of surface area for problems to arise and attacks to occur. That code has to be written and maintained somewhere, and then you're back to the original problem.