
Keyward in five minutes

Keyward is a credential broker for AI agents and MCP servers. Instead of holding long-lived API keys in .env files, your agent asks Keyward at call time for a scoped, short-lived credential that is bound to both the human who authorized the action and the agent acting on their behalf. Every request, allowed or denied, is written to an audit log tied to that delegation.

The core idea

An agent never holds a standing secret. When it needs to touch an upstream API it calls kw.get("stripe", "charges:read", "5m"). The broker verifies the end user's identity token, resolves the agent, checks policy, and mints a credential that expires in minutes and is scoped to exactly what was asked.

invoice-agent.ts
import { createClient } from "@keyward/sdk";

// The human's OIDC identity token. How it reaches the agent is deployment-specific;
// the environment variable name below is only an illustration.
const endUserToken = process.env.END_USER_TOKEN!;

const kw = createClient({
  controlPlaneUrl: process.env.KEYWARD_URL!,
  token: endUserToken,        // the human's identity token (OIDC)
  agent: "invoice-bot",       // this agent's registered id
});

// Ask for exactly the scope needed, for only as long as needed.
const cred = await kw.get("stripe", "charges:read", "5m");
// cred.credential  → short-lived, scoped, signed (RS256)
// cred.delegation  → { user: "…", agent: "invoice-bot" }

The delegation chain

Every credential Keyward mints uses the OAuth 2.0 Token Exchange (RFC 8693) claim shape: sub is the human who delegated authority and act is the agent acting on their behalf. Chains nest (user, then orchestrator, then sub-agent): as RFC 8693 specifies, the current actor is the outermost act and earlier actors sit nested inside it. Each extension is cryptographically bound to the exact prior credential, so an action is always traceable to the authorizing human and a chain cannot be forged or spliced.
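The following is an added example, not Keyward's own code, showing what the chain above looks like on the wire and what a verifier has to check. It mints RS256 JWTs with node:crypto and nests act the way RFC 8693 describes. The prev claim (a SHA-256 thumbprint of the prior token), the scope-narrowing rule and the key handling are assumptions made for this example; Keyward's actual binding mechanism is not described on this page.

```typescript
import { createHash, generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

// Broker signing key, generated here so the example runs offline. A real broker
// keeps this in a KMS/HSM rather than in process memory.
const { privateKey, publicKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });

// Nested actor claim as in RFC 8693 section 4.1: the outermost act is the current
// actor, earlier actors nest inside it.
type Act = { sub: string; act?: Act };
type Claims = {
  iss: string; sub: string; aud: string; scope: string;
  act: Act; iat: number; exp: number;
  prev?: string; // ASSUMPTION: SHA-256 thumbprint of the prior credential (example claim name)
};

const b64url = (b: Buffer | string): string => Buffer.from(b).toString("base64url");

export function mint(claims: Claims, key: KeyObject = privateKey): string {
  const header = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify(claims));
  const sig = sign("sha256", Buffer.from(`${header}.${payload}`), key); // RSASSA-PKCS1-v1_5 = RS256
  return `${header}.${payload}.${b64url(sig)}`;
}

export function decode(token: string): Claims {
  return JSON.parse(Buffer.from(token.split(".")[1] ?? "", "base64url").toString("utf8"));
}

export function thumbprint(token: string): string {
  return createHash("sha256").update(token).digest("base64url");
}

export function verifySignature(token: string, key: KeyObject = publicKey): boolean {
  const [h, p, s] = token.split(".");
  if (!h || !p || !s) return false;
  const hdr = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  if (hdr.alg !== "RS256") return false; // pin the algorithm; never trust the header's choice
  return verify("sha256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"));
}

// Extend a chain by one hop: sub stays the human, the new agent becomes the outermost
// act with the prior actor chain nested inside, and prev binds the hop to the exact prior token.
export function extend(prior: string, agent: string, scope: string, ttlSec: number, now: number): string {
  const c = decode(prior);
  return mint({
    iss: c.iss, sub: c.sub, aud: c.aud, scope,
    act: { sub: agent, act: c.act },
    iat: now, exp: now + ttlSec, prev: thumbprint(prior),
  });
}

export type ChainResult = { ok: boolean; reason?: string };

// Walk a chain root-first and refuse anything forged, spliced, widened or stale.
export function verifyChain(chain: string[], now: number, key: KeyObject = publicKey): ChainResult {
  if (chain.length === 0) return { ok: false, reason: "empty chain" };
  for (let i = 0; i < chain.length; i++) {
    if (!verifySignature(chain[i], key)) return { ok: false, reason: `hop ${i}: bad signature` };
    const c = decode(chain[i]);
    if (c.exp <= now) return { ok: false, reason: `hop ${i}: expired` };
    if (i === 0) {
      if (c.prev !== undefined) return { ok: false, reason: "root must not reference a prior credential" };
      continue;
    }
    const p = decode(chain[i - 1]);
    if (c.sub !== p.sub) return { ok: false, reason: `hop ${i}: authorizing human changed` };
    if (c.prev !== thumbprint(chain[i - 1])) return { ok: false, reason: `hop ${i}: not bound to prior credential` };
    if (JSON.stringify(c.act.act) !== JSON.stringify(p.act)) return { ok: false, reason: `hop ${i}: actor chain spliced` };
    const granted = new Set(p.scope.split(" "));
    if (!c.scope.split(" ").every((s) => granted.has(s))) return { ok: false, reason: `hop ${i}: scope widened` };
  }
  return { ok: true };
}

// Constructed scenario: alice -> orchestrator -> invoice-bot, plus three chains that must fail.
export function demo(now = 1_700_000_000) {
  const root = mint({ iss: "keyward", sub: "alice@example.com", aud: "stripe",
    scope: "charges:read refunds:read", act: { sub: "orchestrator" }, iat: now, exp: now + 300 });
  const leaf = extend(root, "invoice-bot", "charges:read", 300, now);
  // A second genuine root for the same human; its leaf must not be accepted under the first root.
  const otherRoot = mint({ iss: "keyward", sub: "alice@example.com", aud: "stripe",
    scope: "charges:read", act: { sub: "orchestrator" }, iat: now - 1, exp: now + 299 });
  const splicedLeaf = extend(otherRoot, "invoice-bot", "charges:read", 300, now);
  return {
    actorChain: decode(leaf).act, // { sub: "invoice-bot", act: { sub: "orchestrator" } }
    valid: verifyChain([root, leaf], now),
    spliced: verifyChain([root, splicedLeaf], now),
    widened: verifyChain([root, extend(root, "invoice-bot", "charges:write", 300, now)], now),
    expired: verifyChain([root, leaf], now + 300),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The splice case is the one to study: splicedLeaf is a perfectly valid credential for the same human and the same agent, signed by the same key, yet it fails because its prev thumbprint names a different root. Without that per-hop binding a verifier could only check that each link is individually well-formed, which is exactly what a splicing attacker needs.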

What's in the box

Piece           What it does
Broker          POST /v1/credentials: verify user, resolve agent, check policy, mint, audit
Vault           upstream secrets envelope-encrypted at rest; KMS or BYOK per org
Policy engine   deny-by-default rules by agent / provider / scope, per environment
Audit log       append-only allow + deny, exportable (JSON/CSV), SIEM streaming
Console         this dashboard: audit, agents, secrets, policies, approvals, usage
SDK + CLI       @keyward/sdk client with credential caching; keyward init / wrap onboarding
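As an added example (not Keyward's policy engine or its rule format), here is the shape of the "check policy" and "audit" steps from the Broker row: deny by default, match on agent, provider, scope and environment, cap the requested TTL, and record the decision either way. The rule structure, the trailing ":*" scope wildcard and the TTL cap are assumptions for this example.

```typescript
// Deny-by-default policy evaluation with an audit record for every decision.
// ASSUMPTION: rule shape, ":*" wildcard and maxTtlSec are invented for this example.
type Env = "dev" | "staging" | "prod";
type Rule = { agent: string; provider: string; scopes: string[]; envs: Env[]; maxTtlSec: number };
type CredentialRequest = {
  user: string; agent: string; provider: string; scope: string; ttlSec: number; env: Env;
};
type Decision = { allow: boolean; reason: string; rule?: Rule };
type AuditEvent = CredentialRequest & Decision & { ts: number };

// Requested scopes must be concrete: one "resource:action" pair, no wildcards, no spaces.
const SCOPE_RE = /^[a-z0-9_-]+:[a-z0-9_-]+$/;

// A granted pattern is either an exact scope or "resource:*" for every action on that resource.
function scopeMatches(pattern: string, scope: string): boolean {
  if (pattern === scope) return true;
  if (pattern.endsWith(":*")) return scope.startsWith(pattern.slice(0, -1)); // keep the ":" prefix
  return false;
}

export class PolicyEngine {
  private rules: Rule[];
  private audit: AuditEvent[] = [];

  constructor(rules: Rule[]) {
    this.rules = rules;
  }

  // Every call is audited, allowed or denied, before the decision is returned.
  decide(req: CredentialRequest, now: number): Decision {
    const d = this.evaluate(req);
    this.audit.push({ ...req, ...d, ts: now });
    return d;
  }

  private evaluate(req: CredentialRequest): Decision {
    if (!SCOPE_RE.test(req.scope)) return { allow: false, reason: "malformed scope" };
    // No rule at all for this agent/provider/environment is a deny, not an error.
    const candidates = this.rules.filter(
      (r) => r.agent === req.agent && r.provider === req.provider && r.envs.includes(req.env),
    );
    if (candidates.length === 0) return { allow: false, reason: "no rule for agent/provider/env" };
    const rule = candidates.find((r) => r.scopes.some((p) => scopeMatches(p, req.scope)));
    if (!rule) return { allow: false, reason: "scope not granted" };
    if (req.ttlSec > rule.maxTtlSec) {
      return { allow: false, reason: `ttl ${req.ttlSec}s exceeds cap ${rule.maxTtlSec}s` };
    }
    return { allow: true, reason: "matched rule", rule };
  }

  events(): readonly AuditEvent[] {
    return this.audit;
  }
}

// Constructed rules and requests for invoice-bot against stripe.
export function demo() {
  const engine = new PolicyEngine([
    { agent: "invoice-bot", provider: "stripe", scopes: ["charges:read", "invoices:*"], envs: ["dev", "prod"], maxTtlSec: 600 },
    { agent: "invoice-bot", provider: "stripe", scopes: ["charges:write"], envs: ["dev"], maxTtlSec: 60 },
  ]);
  const base = { user: "alice@example.com", agent: "invoice-bot", provider: "stripe" };
  const results = [
    engine.decide({ ...base, scope: "charges:read", ttlSec: 300, env: "prod" }, 1),  // allow
    engine.decide({ ...base, scope: "charges:write", ttlSec: 30, env: "prod" }, 2),  // deny: write is dev-only
    engine.decide({ ...base, scope: "invoices:send", ttlSec: 3600, env: "prod" }, 3), // deny: over the TTL cap
    engine.decide({ ...base, agent: "scraper", scope: "charges:read", ttlSec: 60, env: "prod" }, 4), // deny: unknown agent
  ];
  return { results, auditCount: engine.events().length };
}

console.log(JSON.stringify(demo(), null, 2));
```

Two design points worth carrying into a real deployment: the denied requests are audited with the same fields as the allowed ones, so a SIEM rule can alert on an agent that suddenly starts asking for scopes it has never been granted; and the TTL cap lives on the rule, so a client asking for "5m" against a 60-second rule is refused rather than silently truncated.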

Where to go next

Quickstart gets a broker and a demo agent running end to end. SDK and API cover the developer surface. Security model explains the invariants; Self-hosting covers running the broker on your own infrastructure.