Secrets broker

Your agents never hold the keys.

Store upstream credentials in a vault, bind them to the tools that need them, and let the gateway inject the real secret after the agent boundary. The agent passes a handle, the upstream call gets the key, and the stored record keeps neither.

vault-backed · injected at the gateway · redacted in the audit log

What the agent sends:
{ "auth": "{{secret:stripe_live}}" }
What Stripe receives:
Authorization: Bearer sk_live_••••4f2a
The raw key never crosses the agent boundary.
0 · Raw secrets in agent memory
1-click · Rotate or revoke centrally
Vault · Encrypted credential store
Team · Available from Team up

The problem

A key in an agent is a key everywhere the agent goes.

Hand an agent a long-lived API key and it lives in prompts, logs, traces, and memory. One prompt injection or one leaked transcript and the key is gone. The broker removes the key from the agent entirely.

Shrink the blast radius

The credential exists in the vault and on the upstream wire, not in the model context an attacker can reach.

Rotate without redeploying

Change the secret in one place. Every agent bound to it picks up the new value on the next call.

Scope it to one tool

A binding ties a secret to a specific tool and agent, so a compromised agent cannot borrow another's credentials.

How injection works

Follow a credential through the gateway.

Step through a single brokered call. The agent references the secret by handle, the gateway resolves the binding, the real key is injected onto the upstream request only, and the result returns with the secret redacted.

agent → gateway

The agent references the credential by handle, never by value.

{
  "tool": "stripe.refund",
  "args": {
    "charge": "ch_3NkP…",
    "auth": "{{secret:stripe_live}}"
  }
}
Agent can read the key: No, never

Wire it up

Store a secret, bind it, reference it.

Secrets are stored over an HTTP-only path and bound to the tools allowed to use them. From then on a call references the handle and the gateway does the rest.

POST /v1/secrets
curl -X POST https://api.axiorank.com/v1/secrets \
  -H "Authorization: Bearer $AXIORANK_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "handle": "stripe_live",
    "value": "sk_live_…",
    "bindings": [{ "tool": "stripe.*", "agent": "agent_7f3c" }]
  }'

Proof without the secret

The audit log keeps a redaction marker where the credential was, so you can prove which call used which secret without ever storing the value.
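
The brokered call and the audit redaction described above, as an added Python sketch that is not AxioRank's code: handle in, binding check, real value on the upstream copy only, marker in the stored record. The in-memory vault, glob matching of tool patterns, the `[REDACTED secret:...]` marker format and the `send_upstream` callback are assumptions.

```python
import fnmatch
import re

HANDLE_RE = re.compile(r"\{\{secret:([A-Za-z0-9_]+)\}\}")

# Constructed vault record: placeholder value, binding shape taken from the page.
VAULT = {
    "stripe_live": {
        "value": "sk_live_EXAMPLE_NOT_A_REAL_KEY",
        "bindings": [{"tool": "stripe.*", "agent": "agent_7f3c"}],
    }
}

class BindingError(Exception):
    """Handle is unknown, or not bound to this agent and tool."""

def resolve(handle, agent, tool):
    """Return the secret only if a binding covers this agent and tool."""
    record = VAULT.get(handle)
    if record is None:
        raise BindingError(f"unknown handle {handle!r}")
    for b in record["bindings"]:
        # Assumption: tool patterns are shell-style globs ("stripe.*").
        if b["agent"] == agent and fnmatch.fnmatchcase(tool, b["tool"]):
            return record["value"]
    raise BindingError(f"{handle!r} is not bound to {agent}/{tool}")

def broker_call(agent, call, send_upstream):
    """Resolve handles, call upstream (returns str), return (result, audit)."""
    tool, used = call["tool"], {}

    def inject(match):
        handle = match.group(1)
        used[handle] = resolve(handle, agent, tool)  # raises before any send
        return used[handle]

    # The real value exists only in this upstream copy of the arguments.
    upstream_args = {k: HANDLE_RE.sub(inject, v) if isinstance(v, str) else v
                     for k, v in call["args"].items()}
    result = send_upstream(tool, upstream_args)
    # Scrub the response in case the upstream echoes the credential back.
    for handle, value in used.items():
        result = result.replace(value, f"[REDACTED secret:{handle}]")
    # The stored record carries a marker where the credential was, never the value.
    audit_args = {k: HANDLE_RE.sub(r"[REDACTED secret:\1]", v) if isinstance(v, str) else v
                  for k, v in call["args"].items()}
    audit = {"agent": agent, "tool": tool, "args": audit_args, "secrets_used": sorted(used)}
    return result, audit
```
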

Your keys, your control

Wrap the whole vault under a key only you hold.

On Enterprise, every brokered secret is wrapped by a KMS key in your own account. Revoke the grant and AxioRank can no longer decrypt anything, even though the ciphertext stays where it is.

Take the keys out of your agents.

Put the gateway in front of the tools your agents call, store the credentials once, and stop shipping secrets into model context.