
Stop Pasting Secrets Into AI Agents

Token Vault is a credential manager built for the AI-agent era. Store your API keys and OAuth tokens in an encrypted vault, then let your agents access them through secure proxies and scoped grants, without ever seeing the real secrets.

Free to use. Read our Privacy Policy and Terms of Service.

What is Token Vault?

A credential manager built for the AI-agent era. Store your API keys and OAuth tokens in an encrypted vault, then let your agents access them through secure proxies and scoped grants, without ever seeing the real secrets.

Figure: Token Vault architecture: credentials flow through encrypted storage to AI agents and MCP proxy

How It Works

Your Tokens, Your Rules

Every credential you store is protected by choices you make: where it lives, how it's encrypted, and who can refresh it. Token Vault gives you the knobs, from zero-config convenience to zero-trust security.


Vault Storage

Choose where your encrypted tokens live. Each option has different trade-offs for convenience, ownership, and control.

Figure: Vault storage: Token Vault encrypts to Firestore or your webhook

Token Vault Store

Tokens encrypted with AES-256-GCM and stored in our managed Firestore database. Zero setup required. Ideal for getting started quickly.

  • Instant setup
  • Sub-millisecond reads
  • Automatic backups

Your Webhook

Your server implements a simple storage API and owns the encryption key. Token Vault only stores metadata. Data and keys never touch our systems.

  • Data never leaves you
  • Full infrastructure control
  • Your webhook is the killswitch

Encryption

Choose your encryption level, from platform-managed AES-256-GCM to webhook-sovereign where your server owns the key.

Platform Encryption

Token Vault holds the key

Token Vault generates and manages your AES-256-GCM encryption key server-side. This means we can decrypt tokens on your behalf for automatic refresh, agent access, and MCP proxy, all without any manual intervention.

Best for: convenience, automatic everything, teams that trust managed infrastructure.

Webhook-Sovereign Encryption

Your webhook owns the key

Your webhook generates and owns the AES-256-GCM encryption key. Token Vault only stores encrypted blobs and metadata. It can never decrypt your credentials without your webhook's active cooperation. Take the webhook offline and all access stops instantly.

Your Webhook (owns key)
Token Vault (encrypted blobs only)

Best for: high-sensitivity credentials, zero-trust environments, enterprise.

Token Refresh

OAuth tokens expire. Token Vault makes sure your agents never notice.

Figure: Token refresh flow: agent requests credential, Token Vault refreshes if expired

Just-in-Time Refresh

When an agent or MCP proxy requests a token that has expired, Token Vault automatically uses the stored refresh token to get a fresh access token from the OAuth provider before returning it. Your agents never see a 401. They always get a working credential.

TV-Mediated Refresh

For tokens created via Token Vault's built-in OAuth (Google, GitHub), TV owns the OAuth app credentials needed to refresh. During a refresh, TV briefly receives the refresh token from your webhook, exchanges it with the provider, and sends new tokens back for encryption. Credentials are in transit only, never stored by TV.

Webhook-Delegated Refresh

For custom tokens where your webhook owns the OAuth credentials, Token Vault sends a refresh notification and your webhook handles the exchange entirely. TV never sees any credential material. The request includes an urgent: true flag when an agent is actively waiting, so you can prioritize.

The Kill Switch

In webhook mode, you have absolute control over your credentials.

In webhook mode, your server owns the encryption key. Taking your webhook offline instantly disables all access to your tokens:

  • Token Vault cannot decrypt anything
  • All agent grants stop working
  • MCP proxy requests fail immediately
  • Token refresh stops completely

This is by design. No one, not Token Vault, not an attacker who compromises our servers, can access your tokens without your webhook's cooperation. Bring it back online and everything resumes instantly.

Why it works: Your webhook owns the encryption key. Token Vault only stores encrypted blobs and metadata. Without your webhook online and cooperating, decryption is impossible regardless of computing power.

Agents & Grants

Give AI Agents Exactly What They Need

Create agent identities, grant them scoped access to specific tokens with time limits, and revoke access instantly. Your agents call a simple HTTP endpoint. No SDK required.

Figure: Agent flow: create agent, grant tokens, agent requests credentials, credential returned

Creating Agents

Register an identity for each AI agent, script, or service that needs credentials.

1. Create in Dashboard

Name your agent (e.g., “Claude Code”, “CI Pipeline”) and add an optional description.

2. Copy the API Key

You get a unique key like tvagent_abc123.... It's shown once, so save it securely.

3. Use Anywhere

Pass the key via the Authorization: Bearer header, the x-agent-key header, or the ?key= query param.

Time-Scoped Token Grants

Grant access to specific tokens with automatic expiry. Choose a time limit and auto-refresh policy.

Pick a token

Choose which vault credential the agent can access (e.g., github, openai). Each grant is for one token.

Set a time limit

1 hour, 8 hours, 7 days, 30 days, or “Until revoked”. Grants expire automatically. The agent gets a clear error on its next request.

Auto-refresh (optional)

For OAuth tokens, enable auto-refresh so the agent always gets a valid access token, even if the original has expired.

Real-time vault fetch

Credentials are never stored in the grant. Each agent request fetches and decrypts the token from the vault in real-time, so the kill switch works instantly.

Revoking Access

Remove an agent's access instantly from the dashboard.

Open the agent's detail page and click Revoke on any grant, or deactivate the entire agent. The change is immediate. The very next API call from that agent returns a 403 Forbidden. No propagation delay, no cache window.

You can also delete the agent entirely, which removes all grants and invalidates the API key permanently.

Code Examples

Integrate Token Vault credentials into your agents in a few lines of code.

agent.py - Google ADK agent with Token Vault credentials

import json
import os

import requests
from google.adk import Agent

TOKENVAULT_URL = "https://api.tokenvault.uk/api/agents/credentials"
# Read the agent key (tvagent_...) from the environment instead of hardcoding it.
# TOKENVAULT_AGENT_KEY is an example variable name.
AGENT_KEY = os.environ["TOKENVAULT_AGENT_KEY"]

def get_credential(service: str) -> str:
    """Fetch a fresh credential from Token Vault."""
    resp = requests.get(
        TOKENVAULT_URL,
        params={"service": service},
        headers={"Authorization": f"Bearer {AGENT_KEY}"},
        timeout=10,
    )
    # A revoked grant or deactivated agent returns 403 and raises here.
    resp.raise_for_status()
    return resp.json()["accessToken"]

def github_api(endpoint: str, method: str = "GET", body: str = ""):
    """Call the GitHub API with a fresh token from Token Vault.

    body is an optional JSON-encoded request body.
    """
    token = get_credential("github")
    resp = requests.request(
        method,
        f"https://api.github.com{endpoint}",
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github.v3+json",
        },
        # Decode the JSON string so it is sent as an object, not a quoted string.
        json=json.loads(body) if body else None,
        timeout=10,
    )
    return resp.json()

# Build an ADK agent that uses Token Vault for credentials.
# ADK registers plain functions as tools through the tools list.
agent = Agent(
    name="code_reviewer",
    model="gemini-2.0-flash",
    instruction="""You are a code review assistant.
    Use the github tool to read pull requests and leave review comments.""",
    tools=[github_api],
)

MCP Proxy

A Secure Proxy for AI Agent Connections

AI agents like Cursor, Windsurf, and Claude need API credentials to connect to external MCP servers. The problem? You have to paste your real tokens into their config files, in plaintext. The MCP proxy sits between your agent and the upstream service, injecting real credentials server-side so the agent never sees them.


The Problem

Without an MCP proxy, your tokens live in plaintext config files on every machine that runs an agent.

Figure: MCP Proxy comparison: with proxy (secure) vs without proxy (plaintext tokens)

Without MCP Proxy

  • Real API keys in plaintext config files
  • Every machine has a copy of your secrets
  • No way to revoke without changing the token everywhere
  • Expired tokens break the agent silently

With MCP Proxy

  • Agent only gets a proxy key (random, revocable)
  • Real token injected server-side, never exposed
  • Revoke the proxy key in one click from the dashboard
  • Expired tokens refreshed automatically before forwarding

Proxy Templates

One-click templates for popular MCP servers. Or import any MCP config JSON.

  • GitHub: Proxy GitHub API and MCP server requests with your stored GitHub token.
  • Slack: Connect AI agents to Slack workspaces through a secure proxy.
  • Linear: Proxy Linear project management API calls with injected auth.
  • Notion: Connect to Notion workspaces without exposing your integration token.
  • Jira: Proxy Atlassian Jira requests with your stored API token.
  • Custom / Import JSON: Paste any MCP config JSON and Token Vault extracts the URL and headers.

Have a custom MCP config? Use the Import JSON tab in the create dialog. Paste any { "mcpServers": { ... } } snippet and Token Vault extracts the URL and headers automatically.

Example: Cursor + GitHub MCP

Proxy your Cursor IDE's GitHub MCP connection through Token Vault in 2 minutes.

1. Create the proxy

In the MCP Proxy tab, select the GitHub template. Choose your stored GitHub token. Token Vault generates a proxy URL with a unique key.

2. Paste into Cursor

Copy the generated JSON config and paste it into Cursor's MCP settings.

.cursor/mcp.json
{
  "mcpServers": {
    "github": {
      "url": "https://api.tokenvault.uk/api/proxy/mcp?key=tvproxy_k8Xm2...",
      "headers": {}
    }
  }
}

Notice the empty headers. Cursor never sees your GitHub token. Token Vault injects it into the upstream request server-side. If the token expires, it's refreshed automatically before Cursor even notices.
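
An added example (not Token Vault's code and not part of the original page): a small audit that walks an MCP config and reports where credential material sits in the file, comparing a constructed config with pasted tokens against the proxied config above. The name patterns, the finding labels and the DIRECT sample are assumptions made for this example.

```python
import json
import re

# Heuristics chosen for this example (not Token Vault's own rules).
SECRET_NAME = re.compile(r"authorization|api[-_]?key|token|secret|password", re.I)
SECRET_PARAM = re.compile(r"[?&](key|token|api_key|access_token)=([^&#]+)", re.I)

def audit_mcp_config(text):
    """Return (server, location, kind) findings for one MCP config document."""
    findings = []
    for name, cfg in json.loads(text).get("mcpServers", {}).items():
        # HTTP servers carry credentials in "headers", stdio servers in "env".
        for section in ("headers", "env"):
            for key, value in (cfg.get(section) or {}).items():
                if value and SECRET_NAME.search(key):
                    findings.append((name, f"{section}.{key}", "plaintext-secret"))
        match = SECRET_PARAM.search(cfg.get("url") or "")
        if match:
            # A tvproxy_ key is revocable and is not the upstream token, but the
            # file still holds a bearer value, so report it separately.
            is_proxy = match.group(2).startswith("tvproxy_")
            kind = "proxy-key" if is_proxy else "plaintext-secret"
            findings.append((name, f"url?{match.group(1)}", kind))
    return findings

# Constructed sample: upstream tokens pasted straight into the config.
DIRECT = """{"mcpServers": {
  "github": {"url": "https://mcp.example.invalid/github",
             "headers": {"Authorization": "Bearer EXAMPLE_NOT_A_REAL_TOKEN"}},
  "github-local": {"command": "example-mcp-server",
             "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "EXAMPLE_NOT_A_REAL_TOKEN"}}
}}"""

# The proxied config shown on this page (key elided as on the page).
PROXIED = """{"mcpServers": {
  "github": {"url": "https://api.tokenvault.uk/api/proxy/mcp?key=tvproxy_k8Xm2...",
             "headers": {}}
}}"""

if __name__ == "__main__":
    for label, doc in (("direct", DIRECT), ("proxied", PROXIED)):
        for finding in audit_mcp_config(doc):
            print(label, *finding)
```

The proxied config still produces one finding: the proxy key in the URL is a bearer value, so the file should be kept out of shared repositories even though the key can be revoked from the dashboard.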

Ready to secure your credentials?

Create an account to start managing your tokens, setting up secure proxies, and connecting your AI agents.