Credential gateway for agents

Give agents access, not raw credentials.

An identity layer and auth proxy that injects credentials at runtime. No env vars to leak, full cryptographic auditability for every autonomous action.

Works with
Claude Code · Hermes agent · OpenClaw · Cursor · Codex

Trusted by teams at

360 One
Browserwire
Cipla
Ruzo
Cortivo
Torc Infotech
Triggr

How it works

One gateway between your agents and the world.

Requests enter with a placeholder. They leave with the real credential. Your agents can't leak the keys they don't see.

[Diagram: agents (Claude Code, Codex, Hermes, Cursor) send requests carrying a placeholder (••••••••) to the authsome. Credential Gateway (verify identity · check policy · inject credential), which forwards them with the real credential (ghp_x7f2c9d4) to apps (Gmail, Slack, GitHub, Linear, Jira, Notion, Stripe, Figma, Google Drive, Dropbox, Twilio, AWS).]

The key never enters the agent process.

The problem

Env vars hand the real key to the agent.

Anything in that process can read them: the agent, a rogue dependency, or a prompt-injected payload. Authsome is the proxy stack built right.

env vars · today: Keys mounted as env vars. Any code in the process can read them.
with authsome: Keys live in an encrypted vault. The agent gets a placeholder.

env vars · today: No record of what was called.
with authsome: Every credential use is a signed, identity-bound audit event.

env vars · today: Rotation means updating every environment template.
with authsome: Continuous automatic rotation. Nothing to redeploy.

env vars · today: Revocation is impossible once a key leaks.
with authsome: One click revokes an agent everywhere.

env vars · today: Any agent can call any provider.
with authsome: Policies decide which agent may use which provider.

How it is built

Five parts, working together.

Each part does one job. Together they keep your keys safe and your agents running.

L1 identity: Knows which agent is acting for which person.
L2 policy: Checks each request before any key is read.
L3 vault: A locked, encrypted store for your keys, on your machine.
L4 auth: Handles the logins. OAuth and API keys, refreshed for you.
L5 audit: A running log of every key use, so you can see what happened.

What you get

Built for the way agents actually run.

Invisible Proxy Layer

Agents make API calls normally. The proxy injects the auth header before forwarding. Credentials are never in the execution environment.

Cryptographic Agent Identity

Every agent receives an Ed25519 key pair and a did:key DID. Every request carries a Proof-of-Possession JWT.

Full Auth Lifecycle

Handles PKCE, Device Code, Dynamic Client Registration, Service Accounts, and API key flows. Continuous automatic rotation.

Verified Audit Trails

Every credential use produces a structured, identity-bound audit event. Export directly to OpenTelemetry.

Access Policies

Specify exactly which agents can use which providers. Unauthorized agents get a 403, evaluated before header injection.

One-Click Revoke

Immediately invalidate the header cache, terminate access, or revoke an agent's entire vault access instantly.

Isolated Vaults

Credentials from one tenant are never resident in another tenant's process or route table.

Integrated Agent Skill

Agents can bootstrap their identity, authenticate a provider, and start the proxy without human intervention.
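
A minimal model of the ordering described under Invisible Proxy Layer and Access Policies above: policy is evaluated first, a denied agent gets a 403 with no vault read, and only an allowed request has its placeholder swapped for the real key. This is an added sketch, not Authsome's code; the class names, the placeholder string and the sample secret are assumptions, the audit record here is unsigned, and the agent id is assumed to have already been verified from its Proof-of-Possession JWT.

```python
from dataclasses import dataclass, field

PLACEHOLDER = "AUTHSOME_PLACEHOLDER"  # assumed placeholder string, not the product's


class Vault:
    """Stand-in for the encrypted vault; counts reads so ordering can be checked."""

    def __init__(self, secrets):
        self._secrets = secrets
        self.reads = 0

    def get(self, provider):
        self.reads += 1
        return self._secrets[provider]


@dataclass
class Gateway:  # hypothetical model of the proxy, not the project's class
    vault: Vault
    policy: dict  # verified agent id -> set of providers it may use
    routes: dict  # upstream host -> provider name
    audit: list = field(default_factory=list)

    def handle(self, agent_id, host, headers):
        """Return (status, headers to forward upstream, or None when denied)."""
        provider = self.routes.get(host)  # unknown host -> None -> denied
        allowed = provider in self.policy.get(agent_id, set())
        self.audit.append({"agent": agent_id, "provider": provider,
                           "decision": "allow" if allowed else "deny"})
        if not allowed:
            return 403, None  # decided before any key is read
        out = dict(headers)  # copy: the agent's own headers keep the placeholder
        auth = out.get("Authorization", "")
        if PLACEHOLDER in auth:
            out["Authorization"] = auth.replace(PLACEHOLDER, self.vault.get(provider))
        return 200, out


def demo():
    # Constructed sample data: the secret is not a real token.
    vault = Vault({"github": "constructed-secret-not-a-real-token"})
    gw = Gateway(vault, policy={"agent-a": {"github"}},
                 routes={"api.github.com": "github"})
    req = {"Authorization": f"Bearer {PLACEHOLDER}"}
    denied = gw.handle("agent-b", "api.github.com", req)
    reads_after_deny = vault.reads
    allowed = gw.handle("agent-a", "api.github.com", req)
    return denied, reads_after_deny, allowed, req, gw.audit
```
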

Who is it for?

Built for teams scaling AI agents.

profile 01

AI Platform Teams

Stop building bespoke auth plumbing for every new agent framework. Deploy a unified, secure credential layer across your entire organization.

profile 02

Security & Compliance

Gain total visibility. Ensure AI agents adhere to the principle of least privilege with cryptographically verified audit trails and one-click revocation.

profile 03

AI Application Developers

Focus on building agent intelligence, not wrestling with OAuth flows, token refreshes, and API key management.

Drop in

One command. Zero code changes.

Add the skill to your agent and try a task. The agent installs Authsome if needed. The proxy runs as a sidecar. Agents keep making standard API calls.

FAQ

Questions? Answers.

Do I have to change my agent's code to use Authsome?
No. The proxy runs as an HTTPS sidecar. Agents make standard API calls normally to external services (like OpenAI or GitHub). The proxy intercepts the request, maps the endpoint, and injects the necessary headers on the fly.

Can we self-host Authsome?
Yes. Authsome is MIT Licensed open source. It can be deployed entirely within your own VPC or bare-metal infrastructure, ensuring credentials never leave your network. We also offer a fully managed enterprise solution.

How do you handle OAuth login flows for headless agents?
Authsome abstracts the complexity. Initial setup can utilize browser PKCE, device code flows, or service accounts. Once authenticated, token refreshes happen automatically in the background, keeping your headless agents running without interruption.

Does Authsome support custom APIs or internal services?
Yes. While Authsome bundles definitions for major providers like GitHub, Google, Linear, Anthropic, and OpenAI, you can define internal or custom APIs via a simple JSON configuration. No code changes required.

How do AI agents interact with Authsome dynamically?
Authsome ships as an integrated skill. Agents can bootstrap their identity, authenticate a provider, and start the proxy without human intervention using structured tool calls.

How is this different from Doppler or .env files?
Those hand the real secret to your agent's process. Authsome does not. The agent gets a placeholder, and the real key is added only as the request leaves the environment. Authsome also manages identities, verifies audit logs, and handles token lifecycles.

deploy safely

Stop building fragile auth plumbing.

Open-source Credential Gateway for AI Agents