FAQ
Short, honest answers to the questions people ask before trusting Veil Keys with their secrets. If your question isn’t here, the Security overview goes deeper on the trust model.
Does the model or agent ever see my secret?
No. The agent makes a request through the broker; Veil Keys injects the credential at the network edge and returns only the upstream response. Agents authenticate with agent tokens, which carry the use permission, not reveal — so they can use a secret but are physically unable to read its value. The secret never enters the model’s context, prompts, or output.
Can Veil employees read my secrets?
Your secrets are encrypted at rest under per-workspace keys (AES-256-GCM, argon2id-derived key material, envelope encryption). To inject a secret into a legitimate outbound request, the hosted broker decrypts it transiently in memory — it never logs the plaintext, never returns it, and never writes it to disk.
What happens if a token leaks?
Revoke it instantly from the app’s Security section — every session using it stops immediately. The damage is already bounded: every token is scoped and bound to a single surface, and a token can only ever narrow the creator’s access, never widen it. A leaked agent token still can’t read plaintext or sign; a leaked CI token still can’t exceed its workspace and service allowlist. See Tokens.
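The scoping rules above (single-surface binding, narrowing only, instant revocation) can be modeled in a few lines. This is an added example, not Veil Keys' code or API: the Token fields, mint, authorize, REVOKED and the sample workspace and service names are all hypothetical.

```python
from dataclasses import dataclass

# Hypothetical model; names are illustrative and are not Veil Keys' API.
@dataclass(frozen=True)
class Token:
    token_id: str
    surface: str              # the single surface the token is bound to
    permissions: frozenset    # "use", "reveal" and "sign" are separate permissions
    workspaces: frozenset
    services: frozenset       # service allowlist

REVOKED = set()               # revocation list consulted on every request

def mint(creator, token_id, surface, permissions, workspaces, services):
    """Issue a child token; every dimension must be a subset of the creator's."""
    requested = {"permissions": frozenset(permissions),
                 "workspaces": frozenset(workspaces),
                 "services": frozenset(services)}
    for field, value in requested.items():
        extra = value - getattr(creator, field)
        if extra:
            raise PermissionError(f"cannot widen {field}: {sorted(extra)}")
    return Token(token_id, surface, **requested)

def authorize(token, surface, action, workspace, service):
    """Per-request check: revocation first, then surface binding, then scope."""
    if token.token_id in REVOKED:
        return False
    if token.surface != surface:
        return False
    return (action in token.permissions
            and workspace in token.workspaces
            and service in token.services)

# Constructed sample data.
OWNER = Token("owner", "app", frozenset({"use", "reveal", "sign"}),
              frozenset({"ws-prod", "ws-dev"}), frozenset({"github", "stripe"}))
AGENT = mint(OWNER, "agent-1", "agent", {"use"}, {"ws-dev"}, {"github"})

if __name__ == "__main__":
    print(authorize(AGENT, "agent", "use", "ws-dev", "github"))     # in scope
    print(authorize(AGENT, "agent", "reveal", "ws-dev", "github"))  # no reveal permission
    print(authorize(AGENT, "ci", "use", "ws-dev", "github"))        # wrong surface
    REVOKED.add(AGENT.token_id)
    print(authorize(AGENT, "agent", "use", "ws-dev", "github"))     # revoked
```

Because the revocation check runs on every request rather than at session start, adding a token to the list cuts off sessions that are already open.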
Which agents work with Veil Keys?
Anything that speaks MCP (the Model Context Protocol). That includes Claude Code, Cursor, and other MCP-capable clients. You connect them to the hosted endpoint at https://api.veilkeys.com/mcp with an agent token. See the Quickstart.
Can I self-host?
Veil Keys is hosted today. The app lives at app.veilkeys.com and the MCP broker at https://api.veilkeys.com/mcp. Self-hosting is not available at this time.
What databases does the proxy support?
Postgres, through a read-only proxy. The query_db tool blocks destructive statements and masks PII before any row reaches the agent, so an agent can explore and report on your data without the ability to mutate it or exfiltrate sensitive fields. The database proxy is available on Pro and Team. See the database proxy.
What SSH key types are supported?
ed25519 today. RSA support is planned. With SSH brokering, the private key never leaves Veil — veil ssh-agent asks Veil to sign challenges, so git push and ssh work normally while the key stays sealed. See SSH brokering.
How is billing handled?
Through Paddle, acting as Merchant of Record — it handles invoicing, taxes, and payment methods on our behalf. See Plans and veilkeys.com/pricing.
Is my connection encrypted?
Yes — TLS 1.3 everywhere. Traffic between your agent, the broker, and the upstream API is encrypted in transit, and credentials are encrypted at rest.
Can I export my data or leave?
Yes. Deleting your account is a soft-delete with a 30-day grace period — log back in within those 30 days and everything is restored. Team plans can export the audit log at any time. See Plans.
Next steps
- Quickstart — connect an agent in five minutes.
- Security overview — the full trust model.
- Tokens — how access is scoped and revoked.