Open source core + hosted control plane

Secure secret delivery for humans, agents, and hosted teams.

BlindPass unifies Human → Agent handoff, Agent → Agent exchange, and hosted workspace control with HPKE encryption, in-memory-only handling, and single-use retrieval that keeps secrets out of prompts, logs, and middleware.

HPKE (RFC 9180) Single-use retrieval In-memory only Open source + hosted
11 Security Layers
3 Product Modes
0 Plaintext on Server
Human → Agent Out-of-band approval with browser-side encryption.

Operators confirm the handoff while the secret stays sealed until the final retrieval step.

Agent → Agent Policy-checked exchange across autonomous workflows.

Requester, fulfiller, and SPS coordinate a single-use transfer without exposing plaintext to the runtime graph.

Hosted Teams Control agents, members, approvals, and quotas in one place.

Conceptual hosted UI, audit visibility, and deployment options are part of the public product story now.

Secret delivery breaks down long before the agent runs.

Most AI workflows still rely on chat copy-paste, plaintext middleware, and static credentials that outlive the task they were created for.

Prompt and chat exposure

Secrets leak into transcript history, agent memory, and prompt injection surfaces before any runtime control can help.

Config and environment sprawl

Credentials get duplicated across `.env` files, CI variables, screenshots, and internal notes with no bounded handoff model.

Middleware can still read the payload

Gateways, proxies, and coordination services often see plaintext because delivery was never designed as a zero-knowledge path.

Reuse outlives intent

Once a token exists, it tends to stick around. Teams need retrieval that expires, audits, and self-destructs by default.

One system. Three ways to provision.

BlindPass now tells a full product story: operator handoff, autonomous exchange, and hosted workspace control.

Best for Ops

Human → Agent

Securely hand off API keys and credentials from human operators to agents without exposing secrets to the agent’s conversation layer.

Browser encryption · single-use retrieval
Best for Autonomous Workflows

Agent → Agent

Enable autonomous handoff between requester and fulfiller agents with policy checks, approvals, and one-time retrieval.

Trust rings · approval paths
Best for Organizations

Hosted Teams

Manage agents, members, audit events, quotas, and billing from a shared control plane designed for platform operators.

Dashboard · policy · billing
provisioning-request.sh
$ blindpass provision --target "research-agent-01" --scope "read-only"
# generating proof-backed handoff
→ request mode: human_handoff
→ policy ring: ops / low-risk
→ status: pending_retrieval

Switch between the two delivery paths.

Human handoff and autonomous exchange share the same core guarantees, but their operational flows are different.

01

Request created

An agent requests a secret and receives a short-lived provisioning session tied to a one-time retrieval window.

02

Secure link delivered

The gateway routes an out-of-band URL and confirmation step to the operator instead of exposing the secret path to the LLM.

03

Browser-side HPKE encryption

The operator enters the value in the browser UI, where HPKE seals the payload before it leaves the client.

04

Single-use retrieval

The agent retrieves ciphertext once, decrypts in memory, and the handoff is purged immediately after success.

One product surface for dashboard, policy, and deployment options.

The hosted story stays in one consolidated section so the page sells the platform without turning into a stack of disconnected screenshots.

Conceptual hosted dashboard

Operate agents, members, approvals, and audit health from one control plane.

Hosted teams need more than crypto primitives. They need visibility into who can provision, which secrets are active, what approvals are pending, and where billing or quota pressure is emerging.

  • Agent enrollment and member access control
  • Live audit stream and approval inbox
  • Quota, billing, and workspace health summaries
Environment: Production Sync active
1,284Active agents
42Pending approvals
14Geo-fenced zones

Live audit log

SSH handshakeSuccess
Policy denialBlocked
Secret rotateSuccess
Approval escalatedPending

Security health

Entropy score 99.2%. Trust ring drift below threshold.

Active members

4 reviewers online. 2 operators awaiting provisioning tasks.

11 layers with concrete protocol boundaries.

BlindPass should sound like a real security product, not a hand-wavy concept page. Each layer maps to a specific leakage or impersonation risk.

01

HPKE ephemeral keys

Per-request encryption keys reduce forward exposure.

Crypto
02

Client-side encryption

Secrets are sealed before the payload leaves the browser.

Crypto
03

Zero-knowledge SPS

The coordinator handles ciphertext and retrieval state, not plaintext values.

Architecture
04

Single-use retrieval + TTL

Replay attempts fail once the session is consumed or expires.

Protocol
05

Hardened confirmation flow

Operators verify the request before entering the value.

UX
06

LLM blindness

Prompts and model context never receive the secret or approval URL.

Critical
07

Gateway egress filtering

Unexpected or malicious URLs can be redacted before the agent sees them.

Critical
08

Pluggable identity (SPIFFE/SPIRE ready)

JWT providers are the default path; stronger workload identity can plug in when needed.

Identity
09

In-memory handling + zeroing

Secrets avoid disk persistence and are cleared after use.

Runtime
10

Audited policy decisions

Approvals, denials, and handoff events remain reviewable after execution.

Ops
11

TEE execution support

Optional hardening for operators who need stronger runtime isolation.

Hardware

Open source forever, managed for teams.

Hosted workspace pricing should be easy to understand, while advanced machine-payment paths like x402 stay clearly separate.

Self-Managed

Open Source Core

$0

Forever

  • RFC 9180 HPKE cryptography
  • In-memory secret delivery
  • Single-use retrieval
  • Community support
View GitHub
x402 autonomous billing

`x402` supports advanced per-request machine payment flows. It is separate from recurring hosted workspace pricing and should be treated as an optional capability, not the default plan model.

Choose the deployment model that matches your operating posture.

Pricing answers plan questions. This grid answers scope questions.

Feature Open Source Core Hosted Platform
Deploy yourself Yes No
Browser encryption Yes Yes
Agent-to-agent exchange Yes Yes
Dashboard UX Basic Advanced
Billing and quotas Self-managed Fully managed
Hosted onboarding No Yes

Keep the terminal credibility, but give each audience a clear path.

Open source users can read the docs or self-host. Hosted buyers can go straight to the product path.

terminal
# start local blindpass services
$ npm install
$ npx blindpass serve

✓ SPS server ready on http://localhost:3100
✓ Browser UI ready for one-time provisioning
✓ Agent secret delivery waiting for retrieval