Just-in-time credentials for your AI agents. Scoped, audited, and automatically revoked — through 8 independent security layers.
How it works
Your agents never hold a secret
Instead of embedding API keys in your agent code, AgentVault8 issues a real short-lived credential on demand — scoped, timed, and revoked automatically.
Agent requests a token
The agent calls POST /api/proxy/token with its API key, declaring which service it needs, the scope, and purpose. No master credential is stored in agent code.
8 layers evaluate the request
Identity is verified, the policy engine checks scope and TTL, contextual shielding validates the environment, and PII is redacted from the purpose field.
Real credential returned
A real AWS STS session, GitHub installation token, or Slack delegate token is returned. It expires automatically. The kill switch nukes it instantly if needed.
The "8" in AgentVault8
Eight independent security layers
Every credential request passes through all 8 layers in sequence. A failure at any layer causes an immediate denial with a precise reason code — and an audit event.
Identity Attestation
Verifies agent code integrity via SHA hashes before any credential is issued. Compromised agents are blocked before policy evaluation.
Dynamic Scoping
Narrows cloud provider permissions to the exact resource requested. No agent ever gets broader access than its declared task.
Temporal Logic
Strict TTL enforcement on every issued credential. Global ceiling of 12 hours. Tokens self-destruct automatically at expiry.
Contextual Shielding
Access granted only when the agent is running in a sanctioned environment — verified region, VPC, or deployment context.
Non-Human IGA
Automated governance review cycles for Machine-to-Machine relationships. Every agent identity has a defined owner and policy.
Audit Logging
Immutable record of every request, issuance, denial, and revocation with full context for compliance and forensics.
Secret Redaction
PII patterns — emails, phone numbers, card numbers — are automatically scrubbed from all stored fields before persistence.
Auto-Revocation
One-click kill switch immediately revokes all active tokens across every service when an agent is flagged as compromised.
Pricing
Simple, transparent pricing
Start free, scale when you need to. All plans include all 8 security layers.
Starter
For individuals and small teams evaluating agent security.
- Up to 3 agents
- 1,000 JIT tokens / month
- AWS + GitHub integrations
- 7-day audit log retention
- Community support
Pro
For growing teams shipping AI agents to production.
- Up to 25 agents
- 50,000 JIT tokens / month
- AWS, GitHub + Slack integrations
- 90-day audit log retention
- Policy engine with custom rules
- Kill switch + auto-revocation
- Email support
Enterprise
For organizations with compliance and scale requirements.
- Unlimited agents
- Unlimited JIT tokens
- All integrations + custom connectors
- Unlimited audit log retention
- SOC 2 Type II report
- SSO / SAML
- Dedicated SLA + onboarding
Your agents deserve a vault
Stop hardcoding API keys. Start issuing short-lived, scoped, audited credentials through AgentVault8 — the only agent access & governance platform built specifically for AI agents.