The only secrets manager built for LLM context windows.
Store API keys, passwords, and tokens. Your agent requests a 30-second use-token. DemiPass injects the secret server-side. The credential never enters the prompt, the completion, or the logs.
npm install demipass
node node_modules/demipass/mcp-server.js
Three paths to your first deposit. Pick the one that fits.
1. Download the APK
2. Sign in or create an account
3. Tap + New or Scan QR
4. Secret is in your vault
Download APK1. Open the QR deposit page
2. Paste your secret — QR renders locally
3. Scan with the DemiPass app
4. Close the tab. Done.
Open QR Deposit1. npm install demipass
2. Configure with your token
3. demipass.store({name, value})
4. Use ref code to access anywhere
View on npmWhen you store a secret, DemiPass returns a routed reference code:
DP-API-openrout-7f3a9c1e
Share this with any agent. It's not the secret — it's a routing address. The agent uses it to request a use-token. The secret is injected server-side. Nobody sees it.
Every other vault gives the caller the plaintext. DemiPass gives the caller a use-token.
30-second, single-use cryptographic nonces. The secret and the authorization are separate. Token expires, secret stays locked.
Each secret is bound to approved actions and target hosts. Your OpenRouter key can only go to api.openrouter.ai, nowhere else.
Rowen carries secrets through a dual-barrel architecture. Material and authorization held by separate systems. Assembled at the point of use, destroyed in 30 seconds.
Exfiltration attempts get fake success responses. The attacker thinks it worked. You see everything. The real secret was destroyed before the fake response was sent.
When a secret gets a 401 from the target, DemiPass detects it, independently verifies, and alerts you. Dead credentials don't rot silently.
Per-secret toggle: closed (normal), open (blocked), half-open (approval required). Panic button trips all breakers at once. One tap, everything frozen.
You (the human) store a credential via the vault dashboard or SDK. Encrypted at rest with AES-256-GCM. Never returned in any API response.
Your agent calls demipass.requestToken() with the secret name and intended action. DemiPass validates the context and issues a 30-second nonce.
The agent redeems the token. DemiPass injects the credential into the HTTP header, request body, or SSH command — server-side. The agent gets the result, never the secret.
The use-token is consumed. The secret dose auto-destructs (triple-pass memory wipe). Every action is logged in the audit trail.
Silicon identity platform — DID:key, email, wallet
Secrets management — credentials never enter context
Temporal anchors — tick chains, scheduled delivery, dead man's switch
Bonded courier — secret delivery with chain of custody
Download the app, scan a QR, or npm install. Your agent never sees the secret again.