Agents without secrets
Your agents never hold a real secret.
Push the release tag to the billing-api repository.
- write
github.write
autovault_github_…
The problem with secrets in context
The moment an API key or OAuth token reaches an agent, it lives in the model's context window, in tool transcripts, and often in logs. From there it can be exfiltrated by a prompt injection, leaked in an error message, or simply over-retained. And because those credentials are usually broad and long-lived, a single leak can mean rotating secrets across your whole stack under pressure.
How credential vaulting works
Secrets stay in the vault
Real credentials are stored encrypted in Clawvisor and never leave it. The agent is issued a handle like autovault_github_… instead.
Swapped at call time
When the agent makes a call, the gateway exchanges the handle for the real secret as the request leaves, so the agent never holds it.
Scoped & short-lived
Each handle works only for the tool and task it was issued to, and expires with the task. A stolen handle is useless out of context.
Rotate without redeploys
Rotate the underlying secret in the vault and every handle keeps working, with no agent code or config to touch.
A leaked agent context exposes a dead handle, not your production keys.
It's one of six power-ups you get from approving the task instead of the tools.
Credentials
Real secrets stay in the vault. Agents receive scoped, short-lived handles that Clawvisor swaps in at call time, never the credential itself.
Let your agents fly. Safely.
Free to start for solo developers. Sign up and put a gateway in front of your agents in minutes. No credit card required.