Token Vault
Getting Started

What is Token Vault? Architecture & Core Concepts

Secure credential management and MCP proxy for AI agents - store, encrypt, and control access to your API keys and OAuth tokens.

Token Vault is a webhook-sovereign credential broker for AI agents. Your credentials live on your own infrastructure — a webhook server you deploy and control. Token Vault never holds or sees them. It enforces identity, grants, and ABAC policies, then routes agents and proxies to your webhook via signed tickets.

The Problem

AI agents need credentials to call external APIs on your behalf. Today, that typically means:

  • Plaintext config files - API keys stored in .env files, Claude config JSON, or shell history
  • No revocation - once a credential leaks, you have to rotate it at the provider and update every agent
  • No audit trail - you have no visibility into which agent used which credential and when
  • No scoping - agents get full access to whatever the credential allows, with no time limits or restrictions

System Architecture

Loading diagram...

How Token Vault Solves It

Token Vault sits between your AI agents and the APIs they need to access — as a policy and routing layer, never as a credential store:

Loading diagram...

Four capabilities make this work:

  • Zero-knowledge vault - credentials are encrypted with AES-256-GCM and stored on your webhook. Your webhook owns the encryption key. Token Vault never sees the key or the plaintext credential.
  • MCP proxy - agents connect to Token Vault's MCP proxy endpoint instead of directly to APIs. Token Vault forwards to your webhook, which injects real credentials into upstream requests. Agents never see the actual keys.
    • Supports any upstream MCP server (GitHub, Slack, Google, custom)
    • Proxy keys are random strings, so no credential material appears in agent configs
  • Agent grants - each agent gets scoped, time-limited access to specific credentials. A grant expires automatically, and you can revoke it at any time.
    • REST and MCP interfaces for credential retrieval
    • Per-credential expiry from 1 hour to 30 days, or "until revoked"
  • ABAC policies - attach attribute-based access control rules to any agent, proxy, or token. Restrict by time window, IP allowlist, rate limit, usage cap, geo-location, or require manual approval via push notification.
    • Policies are reusable: attach one policy to many entities
    • All rules within a policy are AND'd together

What's Next

On this page