Keychains.dev

Keychains.dev provides secure credential delegation for AI agents, enabling them to access thousands of APIs without exposing sensitive credentials. The platform acts as a proxy layer that injects credentials server-side, ensuring that AI agents never see raw secrets, protecting against prompt injection attacks and credential leakage. Users maintain full control with transparent permission management and instant revocation capabilities.

• Drop-in curl replacement - Use keychains curl as a replacement for standard curl commands, replacing hard-coded credentials with template variables like {{OAUTH2_ACCESS_TOKEN}} or {{STRIPE_PRIVATE_KEY}} for seamless integration.

• Server-side credential injection - Credentials are injected server-side, making them invisible to the agent and protecting against prompt injection attacks that could exfiltrate secrets from context windows.

• User consent flows - When a new API scope is needed, users see exactly what the agent wants to do and approve with one click, ensuring informed consent for every permission granted.

• SSH key identity - Every machine authenticates via SSH keypairs with no passwords or API keys in the agent's environment, providing strong cryptographic identity verification.

• Stateful fingerprinting - Machines exchange fingerprints with every call, automatically invalidating leaked keys on first use for enhanced security.

• Instant revocation - Revoke any machine's access with one click from the dashboard with no waiting or grace periods.

• Multi-protocol support - Handles OAuth 2.0 with PKCE, API keys, and basic auth, working with 6754+ API providers including GitHub, Google, Slack, Stripe, Notion, Linear, and more.

• Sub-agent delegation - Create scoped delegate tokens for sub-agents with only the permissions they need, or create blank tokens that require fresh user approval for each task.

• Full audit trail - Users see every permission granted, every agent, and every task with complete transparency and accountability.

To get started, install the keychains CLI and use it as a drop-in replacement for curl. Replace your hard-coded credentials with template variables, and the platform handles authentication, token refresh, and secure credential injection automatically.