What is Token Vault? Architecture & Core Concepts
Secure credential management and MCP proxy for AI agents - store, encrypt, and control access to your API keys and OAuth tokens.
Token Vault is a platform that stores your external service credentials (GitHub PATs, Google APIs, Stripe keys, and more) in an encrypted vault and provides controlled access to AI agents through an MCP proxy. Agents never see your real credentials. They go through Token Vault, which enforces policies, logs access, and can revoke everything instantly.
The Problem
AI agents need credentials to call external APIs on your behalf. Today, that typically means:
- Plaintext config files - API keys stored in .env files, Claude config JSON, or shell history
- No revocation - once a credential leaks, you have to rotate it at the provider and update every agent
- No audit trail - you have no visibility into which agent used which credential and when
- No scoping - agents get full access to whatever the credential allows, with no time limits or restrictions
System Architecture
How Token Vault Solves It
Token Vault sits between your AI agents and the APIs they need to access:
Four capabilities make this work:
- Encrypted vault - credentials are encrypted with AES-256-GCM before storage. Depending on your vault mode, the encryption key is held by Token Vault or owned entirely by your webhook.
  - Platform Mode: Token Vault holds the key for zero-config simplicity
  - Webhook Mode: your webhook owns the encryption key, and Token Vault never sees your plaintext credentials
- MCP proxy - agents connect to Token Vault's MCP proxy endpoint instead of directly to APIs. The proxy injects real credentials into requests on the fly. Agents never see the actual keys.
  - Supports any upstream MCP server (GitHub, Slack, Google, custom)
  - Proxy keys are random strings, so no credential material appears in agent configs
- Agent grants - each agent gets scoped, time-limited access to specific credentials. A grant expires automatically, and you can revoke it at any time.
  - REST and MCP interfaces for credential retrieval
  - Per-credential expiry from 1 hour to 30 days, or "until revoked"
- ABAC policies - attach attribute-based access control rules to any agent, proxy, or token. Restrict by time window, IP allowlist, rate limit, usage cap, geo-location, or require manual approval via push notification.
  - Policies are reusable: attach one policy to many entities
  - All rules within a policy are AND'd together
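The grant expiry and AND'd policy rules described above, sketched as an added illustration; this is not Token Vault's code or schema. `Policy`, `Grant`, `evaluate`, their field names and the rule labels are hypothetical, and the sample addresses are constructed from documentation ranges.

```python
from dataclasses import dataclass, field
from datetime import datetime, time, timezone
from ipaddress import ip_address, ip_network
from typing import Optional

# Hypothetical shapes for illustration; not Token Vault's schema.
@dataclass
class Policy:
    window: Optional[tuple] = None   # (start, end) as UTC datetime.time
    ip_allowlist: list = field(default_factory=list)  # CIDR strings
    usage_cap: Optional[int] = None  # maximum total uses of the grant

@dataclass
class Grant:
    agent: str
    expires_at: Optional[datetime]   # None models "until revoked"
    revoked: bool = False
    uses: int = 0

def in_window(t, start, end):
    # A window such as 22:00-06:00 wraps past midnight.
    return start <= t < end if start <= end else (t >= start or t < end)

def evaluate(grant, policy, src_ip, now):
    """Return (allowed, failed_rules). `now` must be timezone-aware.
    Every rule is checked, so the audit record names all failures."""
    failed = []
    if grant.revoked:
        failed.append("grant_revoked")
    if grant.expires_at is not None and now >= grant.expires_at:
        failed.append("grant_expired")
    utc_time = now.astimezone(timezone.utc).time()
    if policy.window and not in_window(utc_time, *policy.window):
        failed.append("time_window")
    if policy.ip_allowlist:
        addr = ip_address(src_ip)
        if not any(addr in ip_network(c) for c in policy.ip_allowlist):
            failed.append("ip_allowlist")
    if policy.usage_cap is not None and grant.uses >= policy.usage_cap:
        failed.append("usage_cap")
    return (not failed, failed)   # AND semantics: one failure denies

if __name__ == "__main__":
    utc = timezone.utc
    policy = Policy((time(9, 0), time(17, 0)), ["203.0.113.0/24"], 3)
    grant = Grant("agent-a", datetime(2030, 1, 1, tzinfo=utc))
    now = datetime(2029, 6, 1, 18, 0, tzinfo=utc)   # constructed request time
    print(evaluate(grant, policy, "198.51.100.7", now))
```

Collecting every failed rule instead of stopping at the first one gives the access log a complete reason for each denial.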
Two Vault Modes
Token Vault offers two vault modes that determine where your data is stored, how it is encrypted, and who can decrypt it. You choose a mode during initial setup and can change it later. See Vault Modes for a detailed comparison.