Your AI never sees the secret

The only secrets manager built for LLM context windows.

Store API keys, passwords, and tokens. Your agent requests a 30-second use-token. DemiPass injects the secret server-side. The credential never enters the prompt, the completion, or the logs.

Install
npm install demipass
Or add it to Claude Code as an MCP server:
node node_modules/demipass/mcp-server.js

Why DemiPass

Every other vault gives the caller the plaintext. DemiPass gives the caller a use-token.

Use-Tokens

30-second, single-use cryptographic nonces. The secret and the authorization are separate. Token expires, secret stays locked.

Context Binding

Each secret is bound to approved actions and target hosts. Your OpenRouter key can only go to api.openrouter.ai, nowhere else.

Bonded Courier

Rowen carries secrets through a dual-barrel architecture. Material and authorization held by separate systems. Assembled at the point of use, destroyed in 30 seconds.

Honeypot Defense

Exfiltration attempts get fake success responses. The attacker thinks it worked. You see everything. The real secret was destroyed before the fake response was sent.

Credential Health

When a secret gets a 401 from the target, DemiPass detects it, independently verifies, and alerts you. Dead credentials don't rot silently.

Circuit Breakers

Per-secret toggle: closed (normal), open (blocked), half-open (approval required). Panic button trips all breakers at once. One tap, everything frozen.

How it works

1. Carbon deposits a secret

You (the human) store a credential via the vault dashboard or SDK. Encrypted at rest with AES-256-GCM. Never returned in any API response.

2. Silicon requests a use-token

Your agent calls demipass.requestToken() with the secret name and intended action. DemiPass validates the context and issues a 30-second nonce.

3. Secret injected server-side

The agent redeems the token. DemiPass injects the credential into the HTTP header, request body, or SSH command — server-side. The agent gets the result, never the secret.

4. Token burned, audit logged

The use-token is consumed. The secret dose auto-destructs (triple-pass memory wipe). Every action is logged in the audit trail.
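
A minimal in-memory model of the four steps above, added here as an illustration and not DemiPass's own code or API. The names `UseTokenBroker`, `deposit`, `redeem` and `fakeUpstream`, the host argument to `requestToken`, and the synchronous transport are assumptions.

```javascript
const crypto = require('node:crypto');

const TTL_MS = 30_000; // 30-second use-token lifetime, as stated on the page

// Hypothetical in-memory model of the flow; not DemiPass's API or storage.
class UseTokenBroker {
  constructor(transport, now = Date.now) {
    this.secrets = new Map(); // name -> { value, hosts, actions }
    this.tokens = new Map(); // token -> { name, host, expires }
    this.transport = transport; // assumed: sync function standing in for an HTTP client
    this.now = now; // injectable clock so expiry can be exercised without sleeping
  }

  // Step 1: the human deposits a secret together with its context binding.
  deposit(name, value, { hosts, actions }) {
    this.secrets.set(name, { value, hosts: new Set(hosts), actions: new Set(actions) });
  }

  // Step 2: the agent states secret name, action and host; it receives a nonce only.
  requestToken(name, action, host) {
    const s = this.secrets.get(name);
    if (!s || !s.actions.has(action) || !s.hosts.has(host)) throw new Error('context not approved');
    const token = crypto.randomBytes(32).toString('hex');
    this.tokens.set(token, { name, host, expires: this.now() + TTL_MS });
    return token;
  }

  // Steps 3 and 4: burn the token first, then inject the secret broker-side.
  redeem(token, request) {
    const grant = this.tokens.get(token);
    this.tokens.delete(token); // single use: consumed even when a later check fails
    if (!grant) throw new Error('unknown or already used token');
    if (this.now() > grant.expires) throw new Error('token expired');
    if (new URL(request.url).hostname !== grant.host) throw new Error('host not bound to this token');
    const secret = this.secrets.get(grant.name).value;
    const headers = { ...request.headers, authorization: `Bearer ${secret}` };
    const { status, body } = this.transport({ ...request, headers });
    return { status, body }; // the agent gets the result, never the secret
  }
}

// Constructed stand-in for the upstream API; records what the broker sent.
const seen = [];
function fakeUpstream(req) {
  seen.push(req);
  return { status: 200, body: 'ok' };
}
```

The model does not scrub upstream responses, so an upstream that echoes request headers would hand the secret back to the agent inside `body`.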

Part of the Dustforge ecosystem

Start in 30 seconds

npm install, configure, store your first secret. Your agent never sees it again.
