// Secrets, governed

The operator never touches raw secrets.

Instead of handing every route a raw API key, the operator acts with scoped credentials it references by handle. Bring your own KMS so keys never leave it in cleartext — and rotate without the operator ever editing a route.

// What it is

A leaked config should never be a leaked API key

Instead of giving the operator raw key material, Key Vault hands it a reference — kv://provider/env — and resolves the credential at call time. The operator acts with the scoped credential; the secret itself never leaves the vault.

With BYO-KMS, your keys stay in your own key-management service and never leave it in cleartext. The operator rotates in one place: update the secret behind the handle, and every route that references it picks up the new value with zero edits.

// What you get
  • The operator references, never holds. It acts on secret_ref handles, never raw keys.
  • Bring your own KMS. Keys never leave your key-management service in cleartext.
  • The operator rotates without edits. Change the secret behind the handle; routes stay untouched.
// How the ledger makes it better

Secrets stay out of the proof, by design

Instead of trusting the operator not to leak a key, the receipt records only the reference it used — never the credential. The ledger stays safe to share and still complete.

The receipt names the reference, not the secret

Every move the operator makes records the secret_ref it acted on for attribution — never the credential. Recompute the leaf to confirm the record, and note there is no key material anywhere in it.

This is the same client-side verification shipped on the Trust portal. SHA-256 runs via Web Crypto. No Agentics call.

// Verify in your browser Anchored
receipt_idc4d8e2f0…4e5f
prev_hash1af67611…4a032
payload_hash2962f6b5…466dd
recomputed
merkle_root14a24583…c058a
  • Recompute leaf
  • Chain integrity
  • Fold Merkle proof
  • Anchor memo == root

SHA-256 runs in your browser via Web Crypto. No Agentics call.

// The reference

Reference a secret, never paste one

Instead of pasting a raw key into config, you point the route at a vault handle — and the operator acts on the reference. The key never appears in config.

{
  "version": 2,
  "strategy": { "mode": "single", "targets": [
    { "provider": "anthropic", "model": "claude-opus-4-8",
      "secret_ref": "kv://anthropic/prod" }   // ← never a raw key
  ] }
}
// rotate by updating the secret behind kv://anthropic/prod — configs unchanged

Read the secret-ref docs →

// In the console

Supervise references and rotation

Instead of tracking keys by hand, you watch the operator: every reference, where it acts, and its rotation state — never the raw value.

acme.agentics.you/console/keys/

Key Vault console

Every reference the operator acts on, with usage and rotation status — raw key material is never displayed.

Open Key Vault →
// Keys, kept

Let the operator run your AI without ever touching a raw key.