Give developers and security teams a zero-knowledge way to hand off credentials. HPKE end-to-end encryption, in-memory only storage, and single-use retrieval keep sensitive values out of logs, prompts, and chat history.
Give autonomous workflows a verifiable delivery path across browser, gateway, and runtime boundaries. The agent gets what it needs, while the secret stays sealed until the final authorized retrieval step.
$ blindpass request
# agent asks for a one-time handoff
{
"secret": "OPENAI_API_KEY",
"ttl": 180,
"mode": "single-use"
}{
"proof": "hpke_sealed_payload",
"confirm_code": "482173",
"retrieve_once": "true"
}Agents trigger the flow, but secrets stay out of prompts, logs, and model context.
Relay secrets safely across cooperating agents.
Enable secure pay-per-request agent flows.
Works with OpenClaw-style agent runtimes.
Secrets stay sealed until the operator completes the browser-based confirmation step.
Encryption happens client-side before the payload leaves the browser.
The runtime asks for a single-use handoff and waits for proof-backed retrieval.
Single-use retrieval and expiring proof windows reduce reuse and replay risk.
AI agents need credentials to do their jobs. But every current method leaks secrets.
AI agents ask for API keys in chat. Keys get logged, stored in conversation history, and leaked through prompt injection.
.env files and configs get committed to repos, shared in Slack, and copied across machines unencrypted.
Secrets transmitted as plain text through middleware, proxies, and gateways that can read everything passing through.
Secrets persist forever in memory, logs, and databases with no automatic cleanup or time-based expiration.
A secure 5-step process for end-to-end encrypted secret delivery.
Agent generates an ephemeral HPKE keypair. Keys exist only in memory โ never written to disk, never logged.
SPS creates a secret request with 3-minute TTL, HMAC-signed URL, and a human-readable confirmation code.
Gateway sends the secure URL to human via Telegram or Slack. The LLM never sees the URL or confirmation code.
Human opens the URL, verifies the confirmation code, enters the secret. Browser encrypts with HPKE.Seal โ no server sees plaintext.
Agent atomically retrieves the ciphertext (single-use), decrypts in memory, then immediately destroys all keys.
Four components working together with cryptographic guarantees at every boundary.
Redis-backed secret provisioning with 3-min auto-expiry TTL, atomic single-use GETDEL retrieval via Lua scripts, and Ed25519 JWT authentication.
Self-contained encryption page. No external dependencies, no CDN. HPKE.Seal happens entirely in your browser with a vendored, audited library.
HPKE keypair generation, in-memory SecretStore with Buffer zeroing, custom toJSON() returning [REDACTED], and lazy re-request flow.
LLM-blind URL generation, egress URL filtering with homograph attack detection, Ed25519 identity signing, and anti-phishing controls.
Defense in depth, not security theater. Every layer neutralizes a specific threat.
Key compromise โ no forward exposure
Secret never plaintext on wire
Service compromise โ no secrets exposed
Replay attacks blocked
Phishing via prompt injection neutralized
Agent never sees URL or confirmation code
LLM-injected malicious URLs redacted
Agent impersonation prevented
Crash dumps and disk forensics defeated
Non-repudiation and rogue agent detection
Host OS compromise neutralized (optional)
State-of-the-art cryptography, designed specifically for LLMs and ephemeral interactions.
X25519 + HKDF-SHA256 + ChaCha20-Poly1305. Industry-standard hybrid encryption, not homebrew crypto.
The AI agent never sees the secret URL or confirmation code. Gateway controls the entire delivery flow.
Per-request keypairs. Generated, used once, destroyed. No key storage, no forward exposure.
Secrets live in zeroed Buffers. No disk, no logs, no serialization. Agent crash = clean slate.
Atomic GETDEL via Redis Lua script. First retrieval succeeds, all subsequent attempts get 410 Gone.
HMAC-signed URLs, human-readable confirmation codes, egress URL filtering. Social engineering blocked at every layer.
Integrate secure secret provisioning with just a few lines of code.
# Install BlindPass
$ npm install blindpass
# Start the secret provisioning service
$ npx blindpass serve
๐ SPS Server running on http://localhost:3100
๐ Gateway identity loaded (Ed25519)
โ
Ready to provision secrets
# In your agent code
const secret = await agent.requestSecret("Stripe API Key");
// โ Human receives secure link via Telegram
// โ Secret encrypted client-side with HPKE
// โ Agent decrypts in-memory, keys destroyed