Skip to content

Agentic keychain management without giving agents your secrets.

Vault provider API keys once, mint scoped vtx_session_* keychains for each agent, and route every call through Vertex. You control what each agent can use, then see exactly which services it touched, how often, and whether each request was allowed, blocked, or failed.

<150ms
Median proxy overhead
ES256 + token
Layered agent identity
0
Secrets in agent context
agent activitylive5 keychains · monitored
  • deploy-botStripe · sk_live09:42allowed
    $420 / $500 cap
  • support-agentLinear · issues09:41allowed
  • ops-botGitHub · delete_repo09:38blocked
    tool denied
  • data-agentfile-upload.io09:35blocked
    egress denied
  • data-syncSupabase · rows09:33allowed
calls today
12,840
blocked
37
secrets exposed
0

Agent secret vault

Agents receive short-lived vtx_session_* keychains. Production API keys stay vaulted and never leave the server.

MCP-aware access control

Typed tool and API inspection lets you deny stripe.create_payout, cap the agent's daily spend wallet, and taint sessions after untrusted reads.

Agent API monitoring

Monitor which services each agent uses, how often, what was allowed or blocked, and which keychain made the request.

Multi-tenant keychains

Server-to-server keychain issuance API for B2B AI products that secure their customers' provider keys.

Agentic keychain management

Manage AI agent API access and see what every agent is doing.

Vertex sits between your AI agents and external APIs. It keeps provider credentials out of the agent runtime, limits what each keychain can access, and gives operators a live record of activity, usage, blocked requests, and credential use.

Agent API security

Autonomous agents call GitHub, Stripe, Linear, or internal APIs through scoped keychains, with no raw production credentials in the agent runtime.

B2B AI products holding customer keys

Mint a Vertex keychain per end-user. Per-tenant audit, scoped tool and domain policy, instant revoke.

MCP server policy layer

Drop Vertex in front of any MCP server. Allow or deny tools by namespace, bind tools to domains, and taint sessions after risky reads.

Agent monitoring

Usage charts and audit rows show what each agent accessed, which API credentials it used, how often, and where policy blocked it.

Two lines from your agent runtime

Swap the provider host for Vertex. Send the keychain. Audit every API call by default.

TypeScript clientclient.ts
import { VertexClient } from "vertex-blue-client";

const vertex = new VertexClient({
  keychain: process.env.VTX_SESSION_KEY!,
});

const res = await vertex.proxy(
  "https://api.stripe.com/v1/charges",
  { method: "POST", body: { amount: 4200, currency: "usd" } },
);
Issue a keychaincurl
curl -X POST https://www.vertex.blue/api/v1/keychains \
  -H "Authorization: Bearer $VTX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "tenant_id": "your-customer-uuid",
    "service_ids": ["3f1c9a2e-0b7d-4e6a-9c11-2a8f5d4b7e90"],
    "policy": { "max_spend_cents": 50000, "ttl_minutes": 60 }
  }'
Security architecture

Four checkpoints between your secrets and a breach.

  1. 01

    Locked to you

    A stolen agent key still does only what you allowed. Nothing more, nowhere else.

  2. 02

    Bad moves blocked

    Abuse, runaway loops, and overspend are stopped before a single provider call goes out.

  3. 03

    Secrets stay hidden

    Your real API keys appear for an instant in memory, then vanish. Never written, never logged.

  4. 04

    Proof you can check

    Every action is recorded in a tamper-evident chain, so one altered record is obvious.

Operational view

A live console for every agent API route, credential, and blocked request.

Operational viewlivelast 24h
  • 09:42GitHub issue syncallowed
  • 09:40Stripe invoice draftallowed
  • 09:38Cloud metadata probeblocked
Plans

Start small, then put every agent keychain behind policy.

 Solo dev shipping a product

Developer

$19/mo
  • 100 stored keys · 3 active keychains
  • 100,000 routed calls / mo
  • 30-day audit retention
Start Developer
Most popularTeams in production

Business

$99/mo
  • Unlimited stored keys · 25 active keychains · 5 seats
  • 1,000,000 routed calls / mo
  • 365-day audit retention
  • Priority email support
Start Business
TailoredRegulated agent fleets

Enterprise

Custom
  • Volume pricing & custom quotas
  • SSO / SAML & SCIM
  • On-prem proxy option
  • Dedicated support & SLA

Manage agentic keychains without shipping API key risk.

Put a zero-trust proxy and secret vault between autonomous execution and every production API.

Sign up now