How AgentKey protects your credentials
AgentKey is a credential management system. Security is not a feature — it is the product. Here is exactly how we handle your data.
Threat model
AgentKey centralizes approval, audit, rotation, and revocation of the credentials your AI agents use. When an agent fetches a credential, it receives the actual secret (API key or token) over TLS. The agent then uses that secret directly against the target service.
This means AgentKey does not eliminate secret exposure at use time. A compromised agent that has been granted access to a tool will be able to read and use that credential until its access is revoked.
What AgentKey does solve
- Who has access to what— every agent–tool relationship is explicitly approved by a human
- Credential sprawl — secrets live in one encrypted store, not scattered across .env files, config repos, and chat logs
- Visibility — every credential fetch is logged with agent ID, tool, and timestamp
- Instant revocation — one click to cut off an agent, effective immediately (no cache, no delay)
- Zero-disruption rotation — rotate a credential once, every agent gets the new one on next fetch
What AgentKey does not solve (yet)
- Secret-free agent execution — proxy architectures where the agent never sees the raw credential are a complementary design, not the same thing. We may add a proxy mode in the future, but it is not the current model.
- Runtime behavior monitoring — AgentKey controls which tools an agent can access, not what the agent does with them once it has the credential
- Infrastructure-level NHI management — AgentKey operates at the application layer for small-to-mid teams, not at enterprise infrastructure scale across thousands of service accounts
If your threat model requires that agents never see raw secrets, you need a proxy — and AgentKey can sit in front of one to handle approval, audit, and rotation. The two approaches are complementary.
Encryption at rest
All SaaS credentials (API keys, OAuth tokens, bot tokens) and webhook URLs (Slack, Discord) are encrypted using AES-256-GCM before being written to the database.
- Algorithm: AES-256-GCM (authenticated encryption with associated data)
- Implementation: Node.js built-in
node:cryptomodule - Initialization vector: 12-byte random IV generated per encryption operation using
crypto.randomBytes() - Authentication tag: 16-byte GCM tag stored alongside the ciphertext, ensuring both confidentiality and integrity
- Key: 256-bit encryption key stored as an environment variable, never committed to source control
Credentials are never stored in plaintext. They are never logged. They are never included in database backups in decrypted form.
Key management
The 256-bit encryption key is provided as an environment variable and managed by the hosting platform (Vercel on the managed service, your infrastructure for self-hosted deployments). This is a single-key model — appropriate for the current threat model but without envelope encryption or HSM-backed key storage.
For deployments that require HSM-backed key management or envelope encryption (e.g., SOC 2 Type II, HIPAA), these capabilities are on the roadmap. Contact us at [email protected] if this is a requirement for your organization.
Encryption in transit
All connections to AgentKey use TLS (HTTPS). This includes:
- Dashboard access (admin interface)
- Agent API calls (credential fetching, access requests)
- Connections between AgentKey and its infrastructure providers (database, authentication)
Agent API key management
When you register an agent, AgentKey generates an API key in the format sk_agent_ followed by 24 cryptographically random bytes (base64url encoded).
- The API key is shown to you once at creation time. It is never displayed again.
- Only a SHA-256 hash of the key is stored in the database. The original key cannot be recovered from the hash.
- API key verification uses timing-safe comparison (
crypto.timingSafeEqual()) to prevent timing attacks.
Credential vending
Agents do not store SaaS credentials. They fetch them on demand via the API:
- Agent authenticates with its API key
- AgentKey verifies the agent has an approved access grant for the requested tool
- The credential is decrypted in memory and returned over TLS
- The fetch is recorded in the audit log with timestamp, agent ID, and tool ID
If the agent's access has been revoked, the request returns HTTP 403. Revocation is immediate — there is no cache or delay.
Audit logging
Every action in AgentKey is recorded in an append-only audit log:
- Agent registration and suspension
- Tool creation, update, and deletion
- Access requests and their justifications
- Approvals and denials (with who decided and when)
- Credential fetches (which agent, which tool, when)
- Credential rotations
- Access revocations
Audit logs are queryable and filterable by agent, tool, action type, and date range. They are retained for 30 days on the free tier.
AI features and credential isolation
AgentKey offers AI-powered features (setup guide generation, form drafting). These features process:
- Tool names and URLs
- Publicly available documentation content
- Agent justification text (why the agent needs the tool)
Credentials are never sent to AI model providers. The AI features operate exclusively on metadata and public information. There is a hard boundary in the codebase between credential decryption (which only happens during agent API calls) and AI feature processing.
Edge protection — Cloudflare Enterprise
All traffic to AgentKey passes through Cloudflare Enterprise, providing multiple layers of protection before requests reach the application:
- WAF Managed Rulesets — Cloudflare Managed Ruleset and OWASP Core Ruleset active. Blocks SQL injection, XSS, and other common attack vectors at the edge.
- Exposed Credentials Check — automatically detects and blocks requests containing known leaked credentials.
- DDoS Mitigation — automatic L3/L4/L7 DDoS protection. AgentKey stays available even under attack.
- Custom WAF Rules — block unusual HTTP methods on API endpoints, challenge suspicious sign-up attempts, reject high-threat-score requests.
- Tiered Caching — reduces origin load and improves global response times.
- Agent-friendly bot policy — AgentKey is designed for AI agent traffic. Bot management is configured to allow automated API access while protecting the dashboard from abuse.
TLS configuration
- SSL mode: Full (Strict) — end-to-end encryption with origin certificate validation
- Minimum TLS version: 1.2
- TLS 1.3 and 0-RTT connection resumption: enabled
- HTTP/2 and HTTP/3 (QUIC): enabled for faster connections
- Automatic HTTPS rewrites and Always Use HTTPS: enforced
Infrastructure
| Component | Provider | Region |
|---|---|---|
| Edge protection | Cloudflare Enterprise (WAF, DDoS, TLS) | Global (300+ cities) |
| Application | Vercel (serverless) | us-east-1 |
| Database | Neon PostgreSQL | us-east-1 |
| Authentication | Clerk | United States |
| AI features | Vercel AI Gateway | United States |
Incident response
In the event of a security breach that affects your data:
- We will notify affected users within 72 hours of confirming the breach (consistent with GDPR requirements)
- Notification will include: what happened, what data was affected, what actions we are taking, and what actions you should take (e.g., rotating credentials)
- We will notify the CNIL (French data protection authority) as required by GDPR Article 33
Responsible disclosure
If you discover a security vulnerability in AgentKey, we ask that you disclose it responsibly:
- Email [email protected] with a description of the vulnerability
- Include steps to reproduce, if possible
- Allow us reasonable time (90 days) to address the issue before public disclosure
- Do not access, modify, or delete data belonging to other users during your research
We will acknowledge receipt within 48 hours and provide an initial assessment within 7 days. We appreciate and credit security researchers who follow responsible disclosure practices.
Rate limiting and abuse prevention
All API endpoints are rate limited to prevent abuse:
- Agent API: 3-tier sliding window rate limiting per agent — 10 requests/hour for access requests, 60/minute for credential fetches, 120/minute for reads
- Admin API: 30 requests/minute per user on all mutation endpoints (tool creation, agent creation, approvals, key rotation)
- Failed authentication attempts are logged with structured metadata for security monitoring
- Suspended agents are rejected immediately and the attempt is recorded in the audit log
HTTP security headers
AgentKey enforces the following security headers on all responses:
- Content-Security-Policy — restricts script, style, image, and connection sources to known origins
- Strict-Transport-Security — HSTS with a 2-year max-age, including subdomains
- X-Frame-Options: DENY — prevents clickjacking
- X-Content-Type-Options: nosniff — prevents MIME sniffing
- Permissions-Policy — disables camera, microphone, and geolocation APIs
What we do not do
- We do not access decrypted credentials for any purpose other than vending them to authorized agents
- We do not have a "back door" or administrative access to view your credentials in plaintext
- We do not log credential values in application logs
- We do not share credentials or organizational data with third parties
- We do not use your data for training AI models
Questions
For security questions or concerns, contact [email protected].