The only secrets manager built for LLM context windows.
Store API keys, passwords, and tokens. Your agent requests a 30-second use-token. DemiPass injects the secret server-side. The credential never enters the prompt, the completion, or the logs.
npm install demipass
node node_modules/demipass/mcp-server.js
Every other vault gives the caller the plaintext. DemiPass gives the caller a use-token.
30-second, single-use cryptographic nonces. The secret and the authorization are separate. Token expires, secret stays locked.
Each secret is bound to approved actions and target hosts. Your OpenRouter key can only go to api.openrouter.ai, nowhere else.
Rowen carries secrets through a dual-barrel architecture. Material and authorization held by separate systems. Assembled at the point of use, destroyed in 30 seconds.
Exfiltration attempts get fake success responses. The attacker thinks it worked. You see everything. The real secret was destroyed before the fake response was sent.
When a secret gets a 401 from the target, DemiPass detects it, independently verifies, and alerts you. Dead credentials don't rot silently.
Per-secret toggle: closed (normal), open (blocked), half-open (approval required). Panic button trips all breakers at once. One tap, everything frozen.
You (the human) store a credential via the vault dashboard or SDK. Encrypted at rest with AES-256-GCM. Never returned in any API response.
Your agent calls demipass.requestToken() with the secret name and intended action. DemiPass validates the context and issues a 30-second nonce.
The agent redeems the token. DemiPass injects the credential into the HTTP header, request body, or SSH command — server-side. The agent gets the result, never the secret.
The use-token is consumed. The secret dose auto-destructs (triple-pass memory wipe). Every action is logged in the audit trail.
Silicon identity platform — DID:key, email, wallet
Secrets management — credentials never enter context
Temporal anchors — tick chains, scheduled delivery, dead man's switch
Bonded courier — secret delivery with chain of custody
npm install, configure, store your first secret. Your agent never sees it again.
Open the Vault