Maker here. Short version of why this exists: I got tired of pasting API keys into .env files every time I spun up a new agent. No record of which agent had access to what, no approval workflow, no audit, no revocation story.
AgentKey flips the model. Agents start with zero access. They request tools with a reason via HTTP. A human approves once, and the credential is vended encrypted (AES-256-GCM, per-record IV) only when an agent actually fetches it — never stored by the agent itself. Every request, approval, and credential fetch is in an append-only audit log.
Two things I think are actually interesting vs existing secrets managers:
1. Agent-driven catalog. If an agent needs a tool that isn't in the catalog, it submits a suggestion with a reason. Multiple agents can back the same suggestion, so admins see aggregated demand instead of one-off tickets. That's the "wild" part that makes it feel different from Vault-style vaults.
2. License choice. BSL 1.1, auto-converting to Apache 2.0 on April 1, 2030. I wanted source-available + self-hostable without giving cloud providers a free managed service until the market shakes out. Happy to debate that choice.
Stack: Next.js 16, Drizzle + Postgres (Neon), Upstash for rate limiting, Clerk for human auth, deployed on Vercel. API keys verified with timing-safe compare. No SDK — just HTTP, so anything that can make a request works (Claude Code, Cursor, LangChain, CrewAI, custom).
Things I know are rough: no pre-seeded integration catalog (you add tools yourself, optionally via an AI-drafted setup guide from a docs URL), V1 has no RBAC inside an org, shared credential rotation is still manual. All solvable, but honest about where it is.
Free forever managed, or self-host. Would love brutal feedback — architecture, the agent-driven catalog bet, the BSL decision, threat model, anything.
nigardev•1h ago
curious how the approval workflow works. do agents request access and wait for human approval, or is it more like predefined policies that let certain agent types through automatically
cracadumi•2h ago
AgentKey flips the model. Agents start with zero access. They request tools with a reason via HTTP. A human approves once, and the credential is vended encrypted (AES-256-GCM, per-record IV) only when an agent actually fetches it — never stored by the agent itself. Every request, approval, and credential fetch is in an append-only audit log.
Two things I think are actually interesting vs existing secrets managers:
1. Agent-driven catalog. If an agent needs a tool that isn't in the catalog, it submits a suggestion with a reason. Multiple agents can back the same suggestion, so admins see aggregated demand instead of one-off tickets. That's the "wild" part that makes it feel different from Vault-style vaults.
2. License choice. BSL 1.1, auto-converting to Apache 2.0 on April 1, 2030. I wanted source-available + self-hostable without giving cloud providers a free managed service until the market shakes out. Happy to debate that choice.
Stack: Next.js 16, Drizzle + Postgres (Neon), Upstash for rate limiting, Clerk for human auth, deployed on Vercel. API keys verified with timing-safe compare. No SDK — just HTTP, so anything that can make a request works (Claude Code, Cursor, LangChain, CrewAI, custom).
Things I know are rough: no pre-seeded integration catalog (you add tools yourself, optionally via an AI-drafted setup guide from a docs URL), V1 has no RBAC inside an org, shared credential rotation is still manual. All solvable, but honest about where it is.
Free forever managed, or self-host. Would love brutal feedback — architecture, the agent-driven catalog bet, the BSL decision, threat model, anything.