The operator never touches raw secrets.
Instead of handing every route a raw API key, the operator acts with scoped credentials it references by handle. Bring your own KMS so keys never leave it in cleartext — and rotate without the operator ever editing a route.
A leaked config should never be a leaked API key
Instead of giving the operator raw key material, Key Vault hands it a reference — kv://provider/env — and resolves the credential at call time. The operator acts with the scoped credential; the secret itself never leaves the vault.
With BYO-KMS, your keys stay in your own key-management service and never leave it in cleartext. The operator rotates in one place: update the secret behind the handle, and every route that references it picks up the new value with zero edits.
- The operator references, never holds. It acts on secret_ref handles, never raw keys.
- Bring your own KMS. Keys never leave your key-management service in cleartext.
- The operator rotates without edits. Change the secret behind the handle; routes stay untouched.
Secrets stay out of the proof, by design
Instead of trusting the operator not to leak a key, the receipt records only the reference it used — never the credential. The ledger stays safe to share and still complete.
The receipt names the reference, not the secret
Every move the operator makes records the secret_ref it acted on for attribution — never the credential. Recompute the leaf to confirm the record, and note there is no key material anywhere in it.
This is the same client-side verification shipped on the Trust portal. SHA-256 runs via Web Crypto. No Agentics call.
- •Recompute leaf
- •Chain integrity
- •Fold Merkle proof
- •Anchor memo == root
SHA-256 runs in your browser via Web Crypto. No Agentics call.
Reference a secret, never paste one
Instead of pasting a raw key into config, you point the route at a vault handle — and the operator acts on the reference. The key never appears in config.
{
"version": 2,
"strategy": { "mode": "single", "targets": [
{ "provider": "anthropic", "model": "claude-opus-4-8",
"secret_ref": "kv://anthropic/prod" } // ← never a raw key
] }
}
// rotate by updating the secret behind kv://anthropic/prod — configs unchanged
Supervise references and rotation
Instead of tracking keys by hand, you watch the operator: every reference, where it acts, and its rotation state — never the raw value.
Key Vault console
Every reference the operator acts on, with usage and rotation status — raw key material is never displayed.
Open Key Vault →