FyVault
Security Risk

Your AI agents are using your keys

Right now, when you give Claude or Cursor access to your codebase, you're handing over the keys to the kingdom. Same API keys. Same database passwords. No limits. No tracking. If the agent hallucinates a DELETE query, it runs with your production credentials.

AI Agent
FyVault
fvag_*
Specific Secrets Only

Scoped tokens ensure agents only access the secrets you explicitly allow.

Here's what your agent can and can't access

Agent Credentials create a trust boundary between your AI tools and your secrets.

AI AgentClaude / GPT / Devinfvag_a8f2c91d...FyVaultTrust BoundaryScope + Rate-limit + ExpirySTRIPE_KEYDB_URLAWS_ROOTx
Guardrails

What happens when an AI agent goes rogue?

Nothing -- if you set the boundaries first. Every agent credential ships with hard limits that no amount of hallucination can override.

What can it actually touch?

You decide exactly which secrets each agent can read. It gets the Stripe key for billing work. It never sees your AWS root credentials. Period.

STRIPE_KEY
DATABASE_URL
AWS_ROOT_KEY

Why does Claude need 10,000 req/min?

It doesn't. Set per-agent rate caps so a hallucinating loop can't burn through your API quota in sixty seconds. You set the ceiling, FyVault enforces it.

req/min42 / 100

What if the token leaks?

Even a stolen credential is useless outside your network. Lock it to specific CIDRs so it only works from your CI runners, your VPC, your infrastructure.

10.0.0.0/8
172.16.0.0/12
0.0.0.0/0

Forgotten tokens are ticking time bombs

Agent credentials auto-expire. No more year-old tokens sitting in a .env file that nobody remembers creating. The clock starts the moment you issue one.

expires29d 11h left

Fix it in thirty seconds

One command. That's all it takes to stop sharing your personal keys with AI agents.

agent-credentials
$ fyvault agent-creds:create --name="Claude" \
--type=ai_assistant \
--scopes=SECRETS_READ \
--rate-limit=100
✓ Agent credential created
Name: Claude
Type: ai_assistant
Prefix: fvag_a8f2c91d
Scopes: SECRETS_READ
Rate: 100 req/min
Token: fvag_a8f2c91d_sk_live_4eC39HqLyjWDarjtT1zdp7dc
⚠ Copy this token now — it won’t be shown again.

Your keys vs. their keys

Sharing your personal API keys with AI agents is like giving an intern the root password on day one. Agent Credentials give them exactly what they need to do their job.

Your Personal Keys

  • Full access to every secret in your vault
  • No rate limits -- unlimited blast radius
  • Never expire -- forgotten for months or years
  • No way to tell which agent did what

Agent Credentials

  • Whitelisted to only the secrets it needs
  • Rate-capped so runaway loops hit a wall
  • Auto-expire in 30 days -- no forgotten tokens
  • Full audit trail tied to each agent identity
SDK

Already use the SDK? Even easier.

Provision scoped credentials programmatically from your existing deploy pipeline. No dashboard clicking required.

Node.js
// Create agent credentials
const cred = await fv.agentCredentials.create({
  name: "Claude Code",
  type: "ai_assistant",
  scopes: ["SECRETS_READ"],
  rateLimitRpm: 100,
  expiresInDays: 30,
});
Python
# Create agent credentials
cred = await fv.agent_credentials.create(
    name="Claude Code",
    type="ai_assistant",
    scopes=["SECRETS_READ"],
    rate_limit_rpm=100,
    expires_in_days=30,
)
48,000+
agent credentials issued
0
production incidents from AI agents
30 days
max token lifetime by default

The alternative? Hope nothing goes wrong.

Keep sharing your personal API keys with every AI tool. Keep hoping an agent doesn't hallucinate a destructive command with full production access. Or fix it right now.

Every minute your AI agents run with your personal keys is a minute you're exposed.