Store API keys, passwords, and tokens. Your agent requests a 30-second use-token; DemiPass injects the secret server-side. The credential never enters the prompt, the completion, or the logs.
DemiPass is launching soon. Leave your email and we'll let you know the moment it's live.
Built for the era where autonomous agents hold the keys.
Agents get a single-use, 30-second nonce — never the credential itself. The secret is injected server-side at the moment of use.
Every use-token is bound to a specific action and target. A token minted for one call can't be replayed against another.
The secret travels from vault to destination without ever passing through the model's context window, completion, or logs.
Decoy credentials detect and flag misuse, surfacing compromised agents before real secrets are ever at risk.
Track every secret's age, usage, and exposure. Rotate on a schedule or instantly when something looks wrong.
Per-secret rate and scope limits halt runaway or hijacked agents automatically, before a leak becomes a breach.
Store your API keys, passwords, and tokens in the DemiPass vault — encrypted, never exposed to your agent.
Your agent asks DemiPass for a short-lived use-token bound to the exact action it needs to perform.
DemiPass redeems the token and injects the real secret server-side. The credential never enters the prompt.
DemiPass is one piece of Dustforge — infrastructure for trustworthy autonomous agents. More coming soon.