Skip to main content

Secret Vault

The Secret Vault creates a secure boundary between your AI agents and your sensitive API keys. It enables agents to use services like OpenAI, Anthropic, or Databases without ever possessing the actual credentials.

How It Works

  1. Configuration: You store your real API keys in the ABS Cloud Vault (encrypted).
  2. Placeholder Usage: Your agent uses placeholders in its code or environment variables:
    • {{OPENAI_KEY}}
    • {{ANTHROPIC_KEY}}
    • {{DB_PASSWORD}}
  3. JIT Injection: When the agent makes a request through the ABS Proxy, the Secret Vault intercepts the request and swaps the placeholder for the real key Just-In-Time.
  4. Zero Leakage: The response is sanitized before returning to the agent, ensuring the key is never reflected back.

Supported Providers

The vault currently supports:
  • OpenAI ({{OPENAI_KEY}})
  • Anthropic ({{ANTHROPIC_KEY}})
  • Google Gemini ({{GEMINI_KEY}})
  • Cohere ({{COHERE_KEY}})
  • Mistral ({{MISTRAL_KEY}})

Security Guarantees

  • Fail-Close: If a placeholder is found but no key is configured, the request is blocked.
  • Audit Trail: Every injection event is logged (internally) with timestamp, IP, and provider, but the key itself is never logged.
  • Rate Limiting: Injection is subject to strict rate limits to prevent brute-force discovery of keys.