Blog
Security for the agentic economy.
Best practices, deep dives, and integration guides for teams building production AI agents. The first posts are landing soon — subscribe to be notified.
Upcoming articles
5 articles, all coming soon
Security · 8 min read
Why .env Files Are a Security Disaster for AI Agents
Shipping raw API keys in .env files made sense for humans — it makes zero sense when autonomous agents clone repos, spawn sub-agents, and run in ephemeral cloud containers 24/7. Here's what the blast radius looks like and how to fix it.
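The "spawn sub-agents" part of that blast radius is easy to see for yourself: a child process inherits the parent's entire environment unless it is given a different one, so a key loaded from `.env` into the agent process reaches every sub-agent, tool runner and shell it forks. The Go program below is an added illustration, not code from the article or from Agent Secret Store; the credential value is constructed, the child is a throwaway `sh` (so a POSIX shell must be on PATH), and the credential-name heuristic in `LeakedNames` is a guess chosen for this example.

```go
// Added example (not the article's code): a secret loaded from .env into the
// agent process is inherited by every sub-agent it spawns, because a child
// process gets the parent's whole environment unless told otherwise.
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// Constructed sample credential; a real .env loader would put the same thing
// into the process environment.
const (
	sampleKeyName  = "OPENAI_API_KEY"
	sampleKeyValue = "sk-constructed-example-do-not-use"
)

// childSees spawns a child (standing in for a sub-agent) that prints the
// named variable, or "<not visible>" when it is absent. env == nil is
// exec.Command's default and means "inherit the parent's entire environment".
func childSees(name string, env []string) (string, error) {
	script := `printf '%s' "${` + name + `:-<not visible>}"`
	cmd := exec.Command("sh", "-c", script)
	cmd.Env = env
	out, err := cmd.Output()
	return string(out), err
}

// NaiveSpawn is the .env pattern: the key lives in the agent's environment
// and every child it forks receives it, whether or not it needs it.
func NaiveSpawn() (string, error) {
	os.Setenv(sampleKeyName, sampleKeyValue)
	return childSees(sampleKeyName, nil)
}

// ScopedSpawn builds the child's environment from an allow-list, so the key
// reaches only children explicitly granted it. PATH is kept so the child can
// still find tools. The slice is deliberately non-nil: an empty non-nil Env
// is an empty environment, whereas nil would inherit everything.
func ScopedSpawn(allow map[string]bool) (string, error) {
	os.Setenv(sampleKeyName, sampleKeyValue)
	scoped := []string{}
	for _, kv := range os.Environ() {
		k := strings.SplitN(kv, "=", 2)[0]
		if k == "PATH" || allow[k] {
			scoped = append(scoped, kv)
		}
	}
	return childSees(sampleKeyName, scoped)
}

// LeakedNames is a quick audit to run inside an agent container: which
// environment variable names look like credentials. The suffix list is a
// heuristic chosen for this example, not an exhaustive rule.
func LeakedNames(environ []string) []string {
	var hits []string
	for _, kv := range environ {
		name := strings.SplitN(kv, "=", 2)[0]
		upper := strings.ToUpper(name)
		for _, marker := range []string{"_KEY", "_SECRET", "_TOKEN", "PASSWORD"} {
			if strings.HasSuffix(upper, marker) {
				hits = append(hits, name)
				break
			}
		}
	}
	return hits
}

func main() {
	naive, _ := NaiveSpawn()
	scoped, _ := ScopedSpawn(map[string]bool{})
	fmt.Printf("inherited child sees:    %q\n", naive)
	fmt.Printf("allow-listed child sees: %q\n", scoped)
	fmt.Println("credential-looking names in this process:", LeakedNames(os.Environ()))
}
```

Running it shows the inherited child printing the full key and the allow-listed child printing `<not visible>`. The same inheritance applies to `subprocess` in Python and `child_process` in Node, and to container entrypoints that `source` a `.env` file before exec'ing the agent.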
Security · 10 min read
How Envelope Encryption Protects Your Agent Credentials
One key to rule them all is a single point of failure. Envelope encryption — AES-256-GCM per-secret DEKs wrapped by HSM-backed per-tenant KEKs — means compromising one secret doesn't compromise your vault. A deep dive.
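The two-layer scheme described there, as an added example written for this page rather than Agent Secret Store's own implementation: each secret gets a fresh AES-256-GCM data-encryption key, that DEK is sealed under the tenant's key-encryption key with the tenant id as associated data, and the secret itself is sealed under the DEK with the secret's name as associated data. The KEK is a plain byte slice here, standing in for a key an HSM would hold and never export; the tenant and secret names are constructed for the demo.

```go
// Added example, not the product's implementation: envelope encryption with a
// fresh AES-256-GCM data-encryption key (DEK) per secret, wrapped under a
// per-tenant key-encryption key (KEK). The KEK is an in-memory stand-in for
// a key that an HSM would hold and never export.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Envelope is the stored form of one secret. Nothing in it is usable
// without the tenant KEK; the DEK appears only in wrapped form.
type Envelope struct {
	Tenant     string
	DEKNonce   []byte
	WrappedDEK []byte // DEK sealed under the KEK, AAD = tenant id
	Nonce      []byte
	Ciphertext []byte // secret sealed under the DEK, AAD = secret name
}

func gcm(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 { // a 32-byte key selects AES-256; refuse anything shorter
		return nil, errors.New("key must be 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func random(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := rand.Read(b)
	return b, err
}

// Seal encrypts secret under a new DEK, then wraps the DEK under kek.
// The plaintext DEK is returned only so the example can show what a leaked
// DEK buys an attacker; a real vault discards it after use.
func Seal(kek []byte, tenant, name string, secret []byte) (*Envelope, []byte, error) {
	kekAEAD, err := gcm(kek)
	if err != nil {
		return nil, nil, fmt.Errorf("kek: %w", err)
	}
	dek, err := random(32)
	if err != nil {
		return nil, nil, err
	}
	dekAEAD, err := gcm(dek)
	if err != nil {
		return nil, nil, err
	}
	nonce, err := random(dekAEAD.NonceSize())
	if err != nil {
		return nil, nil, err
	}
	dekNonce, err := random(kekAEAD.NonceSize())
	if err != nil {
		return nil, nil, err
	}
	env := &Envelope{
		Tenant:     tenant,
		DEKNonce:   dekNonce,
		WrappedDEK: kekAEAD.Seal(nil, dekNonce, dek, []byte(tenant)),
		Nonce:      nonce,
		Ciphertext: dekAEAD.Seal(nil, nonce, secret, []byte(name)),
	}
	return env, dek, nil
}

// DecryptWithDEK is the data layer alone: what someone holding one plaintext
// DEK can do. It opens exactly the envelope that DEK belongs to, no other.
func DecryptWithDEK(dek []byte, env *Envelope, name string) ([]byte, error) {
	dekAEAD, err := gcm(dek)
	if err != nil {
		return nil, err
	}
	return dekAEAD.Open(nil, env.Nonce, env.Ciphertext, []byte(name))
}

// Open is the full path: unwrap the DEK with the tenant KEK, then decrypt.
// Another tenant's KEK, a relabelled tenant or a mismatched secret name all
// fail authentication instead of yielding garbage.
func Open(kek []byte, env *Envelope, name string) ([]byte, error) {
	kekAEAD, err := gcm(kek)
	if err != nil {
		return nil, fmt.Errorf("kek: %w", err)
	}
	dek, err := kekAEAD.Open(nil, env.DEKNonce, env.WrappedDEK, []byte(env.Tenant))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return DecryptWithDEK(dek, env, name)
}

func main() {
	kek, _ := random(32) // stand-in for the HSM-held tenant KEK
	env, dek, _ := Seal(kek, "tenant-a", "OPENAI_API_KEY", []byte("sk-constructed"))
	pt, err := Open(kek, env, "OPENAI_API_KEY")
	fmt.Printf("open with KEK: %q err=%v\n", pt, err)
	other, _, _ := Seal(kek, "tenant-a", "DB_PASSWORD", []byte("pw-constructed"))
	_, err = DecryptWithDEK(dek, other, "DB_PASSWORD")
	fmt.Println("leaked DEK against a different secret:", err)
}
```

The point of the second run in `main` is the "one secret does not compromise the vault" claim: a DEK scraped from memory while one secret is in use decrypts that one envelope and fails the GCM tag on every other. Binding the tenant id and secret name as associated data also stops an operator from swapping envelopes between tenants or names and having them silently decrypt.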
Architecture · 7 min read
Building Human-in-the-Loop Approval Workflows for AI Agents
Autonomous agents moving fast is a feature — until they rotate a production database credential at 2AM without telling anyone. Approval workflows let you stay in control of sensitive operations without slowing down standard access.
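One way to build that gate, as an added example rather than the article's or Agent Secret Store's design: a policy classifies operations into a standard tier that is granted on the spot and a sensitive tier that opens a pending request for a human. Unlisted operations fail closed into the sensitive tier, the requesting agent cannot approve its own request, and both undecided requests and grants expire after a TTL measured from the request. Operation names, agent ids and the TTL are constructed for the demo; the clock is injected so expiry can be exercised without sleeping.

```go
// Added example, not the product's code: a two-tier approval gate for agent
// operations on a secret store. Standard operations are granted at once;
// sensitive ones (and anything the policy does not list) wait for a human
// who is not the requesting agent, and both pending requests and grants
// expire after a TTL.
package main

import (
	"errors"
	"fmt"
	"time"
)

type Tier int

const (
	TierStandard  Tier = iota // auto-granted, still audited
	TierSensitive             // needs a human decision
)

// Policy maps operation names to tiers; unknown operations fail closed.
type Policy map[string]Tier

func (p Policy) TierOf(op string) Tier {
	if t, ok := p[op]; ok {
		return t
	}
	return TierSensitive
}

type Status int

const (
	StatusPending Status = iota
	StatusGranted
	StatusDenied
	StatusExpired
)

type Request struct {
	ID        int
	Agent, Op string
	Target    string
	Status    Status
	Created   time.Time
	DecidedBy string
}

type Gate struct {
	policy Policy
	ttl    time.Duration
	now    func() time.Time // injected clock
	reqs   map[int]*Request
	next   int
	Audit  []string // one line per decision
}

func NewGate(policy Policy, ttl time.Duration, now func() time.Time) *Gate {
	return &Gate{policy: policy, ttl: ttl, now: now, reqs: map[int]*Request{}, next: 1}
}

func (g *Gate) record(r *Request, note string) {
	g.Audit = append(g.Audit, fmt.Sprintf("%s req=%d agent=%s op=%s target=%s %s",
		g.now().UTC().Format(time.RFC3339), r.ID, r.Agent, r.Op, r.Target, note))
}

// Request opens a request; standard-tier operations come back already granted.
func (g *Gate) Request(agent, op, target string) *Request {
	r := &Request{ID: g.next, Agent: agent, Op: op, Target: target, Created: g.now()}
	g.next++
	g.reqs[r.ID] = r
	if g.policy.TierOf(op) == TierStandard {
		r.Status, r.DecidedBy = StatusGranted, "policy"
		g.record(r, "granted by policy")
	} else {
		g.record(r, "pending human approval")
	}
	return r
}

func (g *Gate) decide(id int, who string, to Status) error {
	r, ok := g.reqs[id]
	if !ok {
		return errors.New("unknown request")
	}
	if r.Status != StatusPending {
		return fmt.Errorf("request %d is not pending", id)
	}
	if who == r.Agent {
		return errors.New("self-approval refused")
	}
	if g.now().Sub(r.Created) > g.ttl {
		r.Status = StatusExpired
		g.record(r, "expired before a decision")
		return errors.New("request expired")
	}
	r.Status, r.DecidedBy = to, who
	g.record(r, fmt.Sprintf("status=%d by %s", to, who))
	return nil
}

func (g *Gate) Approve(id int, approver string) error { return g.decide(id, approver, StatusGranted) }
func (g *Gate) Deny(id int, approver string) error    { return g.decide(id, approver, StatusDenied) }

// Allowed is checked at the moment the operation runs: a grant is good only
// within the TTL measured from the original request, so a 2AM approval does
// not quietly authorise the same rotation a week later.
func (g *Gate) Allowed(id int) bool {
	r, ok := g.reqs[id]
	if !ok || r.Status != StatusGranted {
		return false
	}
	if g.now().Sub(r.Created) > g.ttl {
		r.Status = StatusExpired
		g.record(r, "grant expired")
		return false
	}
	return true
}
```

A `main` for a stand-alone run would construct `NewGate(Policy{"read_secret": TierStandard, "rotate_secret": TierSensitive}, 10*time.Minute, time.Now)`, call `Request` for a read and a rotation, and print `Allowed` for each before and after `Approve`; the audit slice is what you would ship to your SIEM so the 2AM rotation is at least visible even when it is approved.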
Guide · 12 min read
LangChain + Agent Secret Store: A Production Security Pattern
LangChain makes it trivially easy to ship agents that call external APIs — and trivially easy to ship your API keys with them. This guide wires Agent Secret Store into a LangChain agent so secrets never touch your application code.
Architecture · 9 min read
The MCP Protocol: Universal Agent Integration Made Simple
Model Context Protocol is quickly becoming the standard way AI agents connect to external tools. We break down how MCP works, why it matters for credential security, and how Agent Secret Store's MCP server lets any compatible agent access secrets with two lines of config.
Want to learn more right now?
The docs cover everything from quick start to envelope encryption internals.