Bootstrap a machine. Request secrets.
Store secrets of any kind. Run one command on a designated machine, and from then on the SikkerKey CLI, one of six SDKs, or the MCP server signs each request automatically with that machine's private key.
━ Each request is signed with the machine's private key. SikkerKey verifies the signature against the public key.
Found PROD_STRIPE_SECRET_KEY in your vault and wired it into checkout.ts:
const stripe = new Stripe(await sk.getSecret('PROD_STRIPE_SECRET_KEY'))
It manages the vault and references secrets by their IDs, but it never reads the plaintext of a single one.
Give your AI agent plaintext-blind access
Bring SikkerKey into your daily agentic workflow without giving your AI agent access to plaintext credentials. Create an AI identity, scope its privileges, and it works entirely from metadata.
Protect your secrets, reactively.
Deploy canary secrets across your projects. The instant one is read, that project freezes. Opt in to also freeze every other project the offending machine can reach.
Severity categorized audit logging
Every action is recorded and ranked by severity, whether it comes from you, a teammate, an AI agent, or the system itself. The full trail streams to your dashboard in real time and exports to CSV on demand.