EARLY ALPHAMockups shown below · live product previewing for early-access teams

Your agents deserve
an identity.

AgentKeys is the identity layer for AI agents. Each agent gets its own scoped API keys, a tamper-evident audit trail, and a one-command off switch. Works with Claude Code, Cursor, OpenClaw, and any MCP-compatible agent — no changes to the tools you already use.

Request early access Early-access teams get a signed binary directly.
Internal test — early access now macOS · Linux · Windows (WSL) MIT or Apache-2.0
AgentKeys· ada@agentkeys.heima.network
v0.6.2
Workspace
Home
Assistants
Keys
Activity
Finance
Account
Settings
Credits
$115.80
~30 days left
Good morning, Ada
Your assistants made 1,037 requests in the last 24 hours. Everything looks good.
24h requests
Active
6
assistants
Services
14
connected
Requests
1,037
24h
Credits
$115.80
of $300
Assistants
6 total
N
nightingale
nightingale@agentkeys.heima.network
OR
AN
GH
Working
H
harbor
harbor@agentkeys.heima.network
AN
NT
BR
Working
E
ember
ember@agentkeys.heima.network
OR
GH
Needs attention
S
sandstone
sandstone@agentkeys.heima.network
AN
S3
Idle
Recent activity
Live
N
nightingale · OpenRouter
Request successful · 18 ms
2s ago
H
harbor · Notion
Read page · 120 ms
14s ago
N
nightingale · GitHub
Created issue · 240 ms
38s ago
E
ember · OpenRouter
Budget 82% used
1m ago
H
harbor · Anthropic
Request successful · 76 ms
2m ago
agentkeys desktop · 0.6.2
The problem

The agent economy needs
a home for every agent.

As your agents multiply, they need their own identity, their own credentials, their own memory, their own audit trail — isolated from you and from each other. Today, they borrow yours. That doesn't scale, and it doesn't survive the first incident.

01
Identity
Every agent needs a stable identity — an email, an account, a profile — separate from yours. Today agents impersonate the human. That breaks the moment an agent is compromised, or works in parallel, or leaves a team.
02
Credentials
OpenAI, Brave, GitHub, Notion — every agent accumulates keys. Pasted into .env files, shared across agents, impossible to revoke one without rotating them all. A leak is catastrophic.
03
Memory & audit
Agents read files, browse the web, remember context. Where does that memory live? Who read which key, when, from which sandbox? Without a home, it lives on your laptop — unaudited, unisolated, lost on reboot.
Quickstart

Six lines.
No dashboards.

Install, sign in, store a key. Your agent reads via MCP. If anything goes wrong, one command kills access across every service that agent was touching — in under six seconds.

macOSLinuxWindows · WSLbrewapt
terminal — install & first agent
# Install on your Mac
curl -fsSL https://get.agentkeys.heima.network/install.sh | sh
 
# Sign in with Google
agentkeys init
 
# Store a key, scoped to one agent
agentkeys store myFirstAgent openrouter sk-or-v1-a7c29f...
 
# Inside the sandbox, the agent reads it via MCP
agentkeys.get_credential(service: "openrouter")
#→ sk-or-v1-a7c29f...
 
# Something wrong? One command.
agentkeys revoke myFirstAgent
#→ Access denied — agent 'myFirstAgent' was revoked.
Two ways to adopt

No config rewrites.
Pick your flow.

The skill route gives the agent agency — it asks for credentials when it needs them, provisions what's missing, and releases them when it's done. The launch route is lower-magic: your settings.json stays untouched, and AgentKeys fills in env vars at launch.

Both flows share the same vault & audit trail.
One-time install
# Google OAuth — creates your vault
$ agentkeys init
# install the skill into your agent runtime
$ claude skill install agentkeys
# or: cursor skill install · openclaw skill install
That's it. The agent takes over.
The skill exposes get_or_provision, release, and list_scoped. Your agent asks for what it needs, in plain language, at the moment it needs it.
Claude Code · agent: myFirstAgent
Skill active
You
Pull the latest issues from the acme-ai repo and summarize them.
Agent
I'll need a GitHub token for that. Checking the vault…
Skill call
agentkeys.get_or_provision(service: "github", scope: "repo:read")
Vault
Found scoped token for agent: myFirstAgent · read access · expires 24h
Agent
Got it. Fetching issues now.
You
Also, post the summary to our Notion workspace.
Agent
I don't have a Notion key yet — provisioning one.
Skill call
agentkeys.provision(service: "notion")
Provisioning
Playwright → notion.so · sign up with myFirstAgent@agentkeys.heima.network
Vault
Stored secret_•••••• · scoped to agent: myFirstAgent
Agent
Done. Summary posted, credentials released back to the vault.
Works with Claude Code, Cursor, OpenClaw, Codex, and any MCP-compatible client.
Four things

Built for how agents
actually use credentials.

Per-agent scope
Every agent gets its own session. Credentials are keyed to that agent; one agent can't see another agent's keys. A leak stays contained.
One-command revoke
Run agentkeys revoke my-agent and access dies across every MCP server, every service, in under six seconds. No dashboard-hopping.
Audit by default
Every store, read, and revoke is logged. See which agent used which key, when, from which sandbox. Optional tamper-proof mirror for teams that need it.
Zero-setup email
Every agent gets a real email address the moment you create it — myFirstAgent@agentkeys.heima.network. No DNS, no admin console.
The magic moment

Every other key,
on demand.

Bring your own Claude or OpenRouter key. From there, your OpenClaw agent can ask AgentKeys for anything else it needs — OpenAI TTS, Brave Search, SendGrid — and we'll sign it up, verify the email, and hand back a scoped key. No human, ~30 seconds per service.

OpenAI · liveBrave Search · liveOpenRouter · liveHugging Face · betaSendGrid · soon
Every agent also gets a real inbox at agentkeys.heima.network — free, zero setup. That's the address Playwright uses to receive the verification email during sign-up.
Auto-provisioning · live
00:28
you
Can you draft a short voiceover for this week's product update and hand me back an MP3?
assistant
I have your Anthropic key, but I need OpenAI TTS and a search API. Provisioning now.
mcp tool
agentkeys.provision(service: "openai")
playwright
Playwright → platform.openai.com · sign up · verify email · create key
agentkeys
Stored sk-•••••• · scoped to agent: myFirstAgent
mcp tool
agentkeys.provision(service: "brave-search")
agentkeys
Stored BSA-•••••• · inbox myFirstAgent@agentkeys.heima.network
assistant
All set. Researching the update, then generating the voiceover.
How it works

Broker, not proxy.

We hand your agent a key and get out of the way. Your agent calls OpenRouter, GitHub, Notion directly — we don't proxy traffic, so your latency and reliability stay in your hands.

01
You sign in
Google OAuth. We mint a master session. Your keys live in a hardware-isolated enclave — never on our operator's disk.
02
You create an agent
Assign a name, an avatar, and a monthly spending cap. The agent gets its own email on agentkeys.heima.network.
03
You store or provision keys
agentkeys store for keys you already have. agentkeys.provision for services the agent can create on its own.
04
The agent reads via MCP
Inside any sandbox — Claude Code, Cursor, OpenClaw, your own Docker setup. We inject the key; the agent talks to the service directly.
Billing · preview

Top up with what
you already use.

At launch you'll pay in dollars, yuan, or euros — AgentKeys handles the currency conversion behind the scenes to pay service providers. Your agent sees a balance; you never see a wallet. During internal test, we're running on test credits.

Internal test · test credits
$115.80
Example test balance · rails previewed below
Request access
Credit card
USD · EUR · GBP
Visa · Mastercard · Amex
via Stripe · at launch
Alipay
¥
Balance in CNY
at launch · mainland China
Stablecoin
USDC
USDC on Base · Arbitrum
for crypto-native teams
SEPA
EUR
Bank transfer
at launch · for EU teams
Rails shown are a preview. One of the only agent tools that will take Alipay and WeChat Pay directly — built for teams in regions where Stripe USD isn't the default.
Open. Reproducible. Honest.

Every line in the
trust boundary, open.

AgentKeys is MIT OR Apache-2.0. Every component in the trust boundary is open source — CLI, daemon, MCP adapter, provisioner, the credential backend itself.

Reproducible builds verified in CI. Supply chain scanned with cargo audit and cargo vet.

We're honest about limits: on a stock sandbox, the session file is readable by the sandbox's own user — so fast revocation (under six seconds) is our primary line of defense. We don't claim SOC 2 we don't have.

Heima
For teams with wallet-native workflows
AgentKeys on Heima · tamper-proof, on-chain audit
Same credential stack, same trait — plus ENS sub-wallets, USDC billing, and every credential read recorded as a chain event. A separate product for a different audience.
Learn more

Kill .env files.
Ship agents you can trust.

AgentKeys is in internal test. Request early access and store your first credential in under a minute.

Request early access Read the docs
$ curl -fsSL https://get.agentkeys.heima.network/install.sh | sh