AgentKey — Agent Access Management


For builders shipping AI agents

Stop hardcoding API keys into your AI agents.

Your agents need GitHub, Linear, Notion, Stripe. Today their keys live in scattered .env files with zero oversight. AgentKey hands credentials to agents on demand — they request what they need, you approve once, secrets never get hardcoded.

Self-hostable. Works with OpenClaw, Claude Code, Cursor, OpenAI Agents, LangChain, and any HTTP-capable agent.

The Governance Gap

Your agents have keys to everything.
You have no visibility.

Engineers hand API keys to agents for quick scripts. Those scripts become production systems. The keys live forever in env vars, config files, and secret managers — with no central record of who has access to what, or why.

Fragmented Key Management

Every agent gets a long-lived API key pasted into its config. No rotation, no expiry, no record of who provisioned it. When someone leaves the team, those keys stay active.

No Audit Trail

Which agent has access to Stripe? Who approved it? When? Today the answer lives in someone's Slack history — if it exists at all. Access reviews for agents don't exist.

The Wild Part

The first credential broker that grows itself.

Don't guess which tools to provision. Deploy your agents and let them drive the catalog. When an agent needs a tool that doesn't exist yet, it suggests it — with a justification — and every other agent that needs the same thing gets access the moment you approve.

DISCOVER

Agent checks the catalog

Every time an agent needs a tool, it calls the API to see what's available. No stale configs. No assumptions.

SUGGEST

Missing tool? Agent suggests it

If the catalog doesn't have what the agent needs, it suggests a new tool with a URL and reason. Multiple agents can back the same suggestion — the admin sees the demand.

PROVISION

Admin adds, agents get access

When the admin adds the suggested tool to the catalog, pending access requests are automatically created for every agent that asked for it. One click to approve.

How It Works

Four steps. No agent can access any SaaS tool without explicit human approval.

Create Agent Identity

Admin registers the agent in the dashboard. Gets back an API key and ready-to-paste config snippets. That's the only credential the agent ever manages.

Agent Requests or Suggests

The agent checks the catalog. If the tool exists, it requests access with a justification. If not, it suggests a missing tool. Multiple agents can back the same suggestion.

Human Approves or Denies

Admin reviews the request in a single inbox and approves with one click. Denial reasons are sent back to the agent automatically.

Agent Fetches Credentials

Approved agents fetch the credential plus a company-specific usage guide: API URLs, channel IDs, repo conventions, rules. Context on demand, zero bloat.

Full walkthrough

End to end, no cuts.

Create an agent, teach it about AgentKey, watch it request a tool, approve it, and fetch credentials with company-specific context. Five minutes, the real product.

Drop-In Setup

Paste this into your CLAUDE.md. That's it.

Your agent now knows how to discover tools, request access, and fetch credentials on demand. Works wherever your agent reads system instructions — CLAUDE.md, TOOLS.md (OpenClaw), .cursorrules, AGENTS.md, or a system prompt field.

No SDK. No wrapper. No framework lock-in. Just a prompt and a REST API your agent already knows how to call.


Every agent, every tool, one queue.

Access requests and tool suggestions land in one inbox. Approve or deny with one click. Every decision is logged, forever.

Works with every agent framework

OpenClaw, Claude Code, Cursor, Cline, OpenAI Agents, LangChain, AI SDK, Custom Agents

If your agent can make an HTTP request, it works with AgentKey. No SDK, no wrapper, no lock-in.

Built on Cloudflare

One Worker serves the app, API, assets, auth, rate limiting, email, and AI drafting with D1 as the production source of truth.

Cloudflare setup

Workers, Workers Assets, D1, Workers AI, Email Service, Turnstile, Observability

Security

Security is the product.

AgentKey stores third-party credentials, so every layer is designed for that. The same rigor you apply to human access reviews — now for your agents.

Encryption at Rest

All SaaS credentials are AES-256 encrypted in the database. Agents receive credentials on demand — they never store raw secrets.

AES-256 ENCRYPTED

Full Audit Log

Every registration, request, approval, denial, revocation, and credential fetch is logged. Append-only, queryable, filterable by agent, tool, or date.

APPEND-ONLY

Instant Revoke

One click to revoke any agent's access to any tool. Takes effect immediately — the agent's next credential request returns 403.

ONE-CLICK REVOKE

Context on Demand

Each tool includes a usage guide — API URLs, channel IDs, repo conventions, rules. Sent only when the agent fetches the credential. Zero context bloat.

LAZY-LOADED
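
The flow described under How It Works and Security (suggestion fan-out, approval gate, append-only audit log, revoke returning 403), as an added in-memory JavaScript model. It is not AgentKey's code or API: the class, method names and sample values are hypothetical, and returning 403 for a fetch that was never approved is an assumption.

```javascript
// Added model of an approval-gated credential broker. Names are hypothetical and
// values are constructed; only the 403-after-revoke behaviour comes from the page.
class Broker {
  tools = new Map();       // tool -> { secret, guide }
  grants = new Map();      // [agent, tool] key -> pending | approved | denied | revoked
  suggestions = new Map(); // tool -> Set of agents that asked for it
  audit = [];              // append-only: entries are frozen and only ever pushed

  key(agent, tool) { return JSON.stringify([agent, tool]); } // no "a:b"+"c" collisions
  log(event, agent, tool) {
    this.audit.push(Object.freeze({ seq: this.audit.length, event, agent, tool }));
  }
  suggest(agent, tool) {
    this.suggestions.set(tool, (this.suggestions.get(tool) ?? new Set()).add(agent));
    this.log("suggest", agent, tool);
  }
  request(agent, tool) {
    if (!this.tools.has(tool)) return false; // not in the catalog: suggest it instead
    this.grants.set(this.key(agent, tool), "pending");
    this.log("request", agent, tool);
    return true;
  }
  addTool(tool, secret, guide) {
    this.tools.set(tool, { secret, guide });
    // Agents that backed the suggestion get a pending request, not access.
    for (const agent of this.suggestions.get(tool) ?? []) this.request(agent, tool);
    this.suggestions.delete(tool);
  }
  decide(agent, tool, state) { // state: "approved" | "denied" | "revoked"
    this.grants.set(this.key(agent, tool), state);
    this.log(state, agent, tool);
  }
  fetch(agent, tool) {
    // Deny by default: only an explicit approval releases the secret and usage guide.
    const ok = this.grants.get(this.key(agent, tool)) === "approved";
    this.log(ok ? "fetch" : "fetch_denied", agent, tool);
    return ok ? { status: 200, ...this.tools.get(tool) } : { status: 403 };
  }
}
function demo() {
  const b = new Broker();
  for (const agent of ["ci-bot", "docs-bot"]) b.suggest(agent, "linear");
  b.addTool("linear", "constructed-secret", "Use project key ENG");
  const pending = b.fetch("ci-bot", "linear").status; // requested, not yet approved
  b.decide("ci-bot", "linear", "approved");
  const granted = b.fetch("ci-bot", "linear");
  b.decide("ci-bot", "linear", "revoked");
  const revoked = b.fetch("ci-bot", "linear").status;
  const other = b.fetch("docs-bot", "linear").status; // still pending
  return { pending, granted, revoked, other, events: b.audit.map((e) => e.event) };
}
```

Because the grant is checked on every fetch and the agent holds no copy of the secret, revocation takes effect on the very next call, and denied attempts appear in the audit log alongside successful ones.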

Questions

What types of AI agents does AgentKey work with?

Any agent that can make HTTP requests. OpenClaw, Claude Code, Cursor, Cline, the OpenAI Agents SDK, LangChain, the AI SDK, your own custom stack — if it can call a REST API, it works with AgentKey. No special SDK or framework required.

What counts as a "tool"?

Any SaaS or external service your agents need credentials for. GitHub, Linear, Notion, Slack, Discord, Stripe, Cloudflare, Datadog — anything with an API key, OAuth token, or bot token.

How do agents know how to use the API?

When you create an agent, AgentKey generates a system prompt snippet with full API instructions. Paste it into your agent's config. Agents can also call GET on any endpoint to discover the expected schema and self-correct.

What if an agent needs a tool that's not in the catalog?

The agent can suggest it. It calls POST /api/tools/suggest with the tool name, URL, and reason. The suggestion lands in your inbox. When you add the tool, access requests are automatically created for every agent that asked for it.

How are credentials stored?

AES-256-GCM encrypted at rest in the database. Agents never store raw secrets — they fetch credentials on demand via the API. When you rotate a shared credential, all agents get the new one automatically on their next fetch.

What's a "usage guide"?

Company-specific context sent alongside the credential. For example: Discord channel IDs, GitHub repo conventions, Linear project keys. It's only loaded when the agent fetches the credential — keeping agent context clean until the tool is actually needed.

Can I get notified when agents make requests?

Yes. Set up Slack or Discord webhooks in the dashboard. You'll get a notification for every new access request and tool suggestion.

Is there an approval workflow?

Yes. Every access request and tool suggestion requires human approval. AgentKey organizations let multiple people review and approve requests.

I want to self-host. How hard is it?

AgentKey runs as a Cloudflare Worker with Workers Assets, D1, Workers AI, Email Service, and Turnstile. Configure the bindings in wrangler.jsonc, set the required secrets, run the D1 migrations, and deploy.

Is this overkill for a 3-person team?

No. The pain scales down: one rotated key you forgot about, one offboarded contractor whose .env still has prod Stripe, one hobby agent that silently got prod-level GitHub access. The approval queue takes seconds per request — you get governance without bureaucracy.

An experiment

Poke at it. Self-host it. Fork it.

AgentKey is an experiment by elba's CTO — to explore what happens when agents have to ask before they access. The code is MIT. The hosted demo is here for anyone to try.