Documentation
Credentials your AI agents can use, but never read.
Veil Keys is a credential broker for AI agents and CI pipelines. Your secrets stay encrypted on the server and are injected at the network edge — so an agent can deploy, query a database, or call any API without the raw value ever reaching the model, the logs, or the developer's machine.
The one idea
Every other secrets tool eventually hands you the plaintext — you copy an API key into a .env file, paste a token into a terminal, or let an agent read a credential to use it. The moment plaintext exists on a developer's machine or in an agent's context, it can leak. Veil Keys removes that moment.
The agent asks Veil to call api.stripe.com on its behalf. Veil decrypts the key inside its own memory, attaches it to the outbound request, and returns only the response. The key is never in the agent's context window, never logged, and never written to disk.
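A minimal sketch of the broker pattern described above, including the one-host binding this page lists under policies. It is an added illustration, not Veil Keys' own code: the vault contents, the credential name, `broker_call`, `PolicyDenied` and the stand-in transport are all assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample store: credential name -> (secret, the one host it is bound to).
# A real broker would hold the secret encrypted at rest; these values are made up.
VAULT = {"stripe-live": ("CONSTRUCTED-SECRET-0000", "api.stripe.com")}


class PolicyDenied(Exception):
    """Raised when a request falls outside the credential's policy."""


def fake_upstream(url, headers):
    # Stand-in for the real HTTPS call (assumption). It echoes the auth header
    # to simulate an upstream that reflects request data in its response.
    return {"status": 200, "body": f"ok, saw {headers['Authorization']}"}


def broker_call(cred_name, url, transport=fake_upstream):
    """Make the call on the agent's behalf and return only a scrubbed response."""
    if cred_name not in VAULT:
        raise PolicyDenied("unknown credential")
    secret, bound_host = VAULT[cred_name]
    parts = urlsplit(url)
    # Compare the parsed hostname, not a substring of the URL, so that
    # "api.stripe.com.example.net" and "api.stripe.com@other" do not match.
    if parts.scheme != "https" or parts.hostname != bound_host:
        raise PolicyDenied(f"{cred_name} is not allowed for {parts.hostname}")
    if parts.username or parts.password or parts.port not in (None, 443):
        raise PolicyDenied("userinfo or non-default port in URL")
    # The secret is attached here, inside the broker, and goes no further.
    resp = transport(url, {"Authorization": f"Bearer {secret}"})
    # Scrub the value in case the upstream echoed it back.
    resp["body"] = resp["body"].replace(secret, "[redacted]")
    return resp


if __name__ == "__main__":
    # The agent supplies only a credential name and a URL, never the secret.
    print(broker_call("stripe-live", "https://api.stripe.com/v1/charges"))
```

The agent-facing surface is the credential name and the URL; the secret exists only inside `broker_call` and is stripped from whatever comes back.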
What you can do with it
Agent broker (MCP)
Let Claude Code, Cursor, or Codex call any API. Veil injects the secret at the edge — the model never sees it.
Database proxy
Read-only SQL for agents. Destructive statements blocked, PII masked, rows capped — the connection string stays hidden.
CI secret injection
veil run injects secrets into a build at runtime — no .env files, central rotation, full audit.
SSH key brokering
Veil signs your SSH challenges server-side. The private key never lands on the machine.
Policies & approvals
Bind a secret to one host. Require a human tap before high-value use. Deny outright.
Teams & workspaces
Org roles + per-workspace grants: read, write, use, reveal, manage. Least privilege by default.
Sixty seconds to your first call
Connect an agent to Veil's hosted MCP endpoint with a scoped token, then ask it to use a service:
Where to go next
- Core concepts — workspaces, credentials, tokens, and the broker, in five minutes.
- Quickstart — connect your first agent.
- Security & reliability — exactly what we can and can't see, and why.
- The veil CLI — veil run and veil ssh-agent.