Secrets your agent can use.
An encrypted credential store. Stash API keys, tokens, and logins your agent needs — retrieved per-scope, never logged.
Agents need credentials to do real work — an API key here, a login there. Hard-coding them into prompts or env files is how secrets leak.
The vault gives each agent a private, encrypted place to keep them, retrieved only when needed and never written to logs.
Encrypted at rest
Credentials are encrypted with per-identity keys. Mailgent stores ciphertext; plaintext only exists in memory for the call that needs it.
Retrieved per-scope
The agent reads a secret by name through vault:read, gated by its key. No blanket access, no secrets in the prompt.
TOTP built in
Store a 2FA seed and the vault generates time-based codes on demand — so your agent can clear two-factor gates.
await vault_store({ name: "stripe_key", value: "sk_live_..." });
const key = await vault_get({ name: "stripe_key" });
const code = await vault_totp({ name: "github" }); // 2FA code
Pairs with
2FA / TOTP
Time-based one-time codes your agent can generate on demand — with backup codes, all inside the vault.
Identity (DID)
A did:web identity with an Ed25519 keypair. Your agent signs requests and proves who it is — everything else hangs off it.
A real inbox at name@mailgent.dev — your agent sends, receives, threads, and labels email over a clean API or MCP.
Give your agents a real identity.
An inbox, a vault, a calendar, a DID, and a wallet — one API call away.