keychains.dev

Your agents never see the keys.

Secure credential delegation for AI agents. 6,800+ API providers. Server-side injection. Immune to prompt injection by design.

# before: secrets in plaintext
curl -H "Authorization: Bearer sk-live-abc123..." https://api.stripe.com/charges

# after: agent never sees the key
keychains curl -H "Authorization: Bearer {{STRIPE_PRIVATE_KEY}}" https://api.stripe.com/charges

✓ credentials injected server-side
✓ agent context: zero secrets exposed

Built for the agent era

Traditional secret managers assume trusted consumers. Agents run tool calls shaped by prompts. Protection has to happen at use-time.

Drop-in replacement

Replace curl with keychains curl. Template variables instead of hardcoded secrets. Zero code rewrite.

Server-side injection

Credentials resolve on our servers, never in the agent's context window. Architecturally immune to prompt injection.

User approval flow

When an agent requests a new API scope, the user explicitly approves. Full audit trail of every credential access.

Machine identity

SSH keypair authentication for agents. No passwords, no shared secrets. Cryptographic identity per machine.

Instant revocation

One click to revoke access. No secret rotation, no redeployment. The agent's token simply stops resolving.

Scoped delegation

Create sub-tokens for sub-agents with limited API scope. Multi-agent architectures with the principle of least privilege.

6,800+ API Providers Supported
0 Secrets in Agent Context
3 Auth Methods (OAuth, API Key, Basic)

How it works

01 Agent calls keychains curl with template variables like {{GITHUB_TOKEN}}
02 Request hits the Keychains proxy, which resolves credentials from your vault
03 Real credentials are injected server-side and the request is forwarded to the target API
04 Response is returned to the agent, with a full audit log of what was accessed
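
The proxy-side step of the flow above, as an added Python sketch (not Keychains' own code): placeholders are filled only for a live token with an approved scope, and the audit entry records secret names, never values. The vault layout, token table, per-secret host binding and response scrubbing are assumptions made for this example, and all values are constructed.

```python
import re

PLACEHOLDER = re.compile(r"\{\{([A-Z0-9_]+)\}\}")

# Constructed sample data: each secret is bound to one destination host (assumption).
VAULT = {
    "STRIPE_PRIVATE_KEY": {"value": "sk-test-constructed", "host": "api.stripe.com"},
    "GITHUB_TOKEN": {"value": "ghp-constructed", "host": "api.github.com"},
}
# Constructed agent tokens with the scopes the user has approved.
TOKENS = {
    "agent-1": {"revoked": False, "approved": {"STRIPE_PRIVATE_KEY"}},
    "agent-2": {"revoked": True, "approved": {"GITHUB_TOKEN"}},
}
AUDIT_LOG = []


class Denied(Exception):
    """Raised when the proxy refuses to inject a credential."""


def resolve_request(token_id, host, headers):
    """Return headers with placeholders filled in; runs on the proxy only."""
    token = TOKENS.get(token_id)
    if token is None or token["revoked"]:
        raise Denied("token does not resolve")  # revocation needs no key rotation
    used = []

    def substitute(match):
        name = match.group(1)
        entry = VAULT.get(name)
        if entry is None or name not in token["approved"]:
            raise Denied(f"{name}: scope not approved")
        if entry["host"] != host:
            raise Denied(f"{name}: not valid for {host}")
        used.append(name)
        return entry["value"]

    resolved = {k: PLACEHOLDER.sub(substitute, v) for k, v in headers.items()}
    # The audit entry names the secrets used but never stores their values.
    AUDIT_LOG.append({"token": token_id, "host": host, "secrets": used})
    return resolved


def scrub_response(body, token_id):
    """Mask any secret value the upstream API echoes back to the agent."""
    for name in TOKENS[token_id]["approved"]:
        body = body.replace(VAULT[name]["value"], "{{" + name + "}}")
    return body
```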

The trust layer the agentic web was missing.

Every agent framework. Every API. Zero credential exposure. This is how agents should have always worked.