Heima

Right now most platforms proxy agent traffic through their own backend. Your credentials live inside the platform, and every request depends on the platform sitting in the middle. AgentKeys is broker, not proxy. We hand your agent a key and get out of the way. The agent calls OpenRouter, GitHub, and Notion directly, with credential handling staying securely inside the TEE stack. 🤖 Latency and reliability stay in your hands, and credentials remain scoped, revocable, and audited by default.

Credential exposure often expands as agents interact across more services and environments, increasing key exposure risk. 🔐 AgentKeys changes how credential handling works across multi-agent workflows, minimizing how often long-lived private material needs to be exposed across workflows. The Gramine-SGX worker holds the master seed and every derived key, signing on behalf of the user after a session-authenticated approval. ✅ This means clients only ever hold bearer tokens, never long-lived private material.

In most multi-agent workflows today, keys get shared across agents, copied between environments, and reused across workflows. Over time, it becomes difficult to trace which agent accessed which credential, making revocation and audit trails harder to manage as systems scale. 📋 💡With AgentKeys, a tamper-evident audit trail and access record are tied to each specific agent. Chain stores everything persistent. Instead of identity and credential access existing only inside a backend database, they become part of a persistent system state shared across the infra layer. Making credential access more traceable and structured, reducing shared access and making large-scale agent systems easier to manage. 🦦

Why do agents need their own identity❓ Because when you have a fleet of agents, you need a way to define clear boundaries. Without identity, agents share the same credentials and access, making it difficult to isolate permissions or revoke access cleanly. Individual agent identity makes access scoped and manageable: what an agent can access, which credentials it can use, and how to revoke it can all be tied to that specific agent. 🔑

As autonomous agents become more integrated into our workflows, most systems still assume a human in the loop. That doesn’t scale when agents are expected to operate independently. ⚙️ AgentKeys supports auto provisioning. For example, agents with browser control can create GitHub accounts, provision OpenRouter keys, and generate fresh credentials on their own, without manual setup. Credential creation no longer has to depend entirely on humans. 🔐

Currently, credential management for cloud agent services follows a model where the platform itself becomes the point of trust. Users upload API keys → the platform stores them → agents use them. ➡️ AgentKeys offers a non-custodial approach. Credentials are encrypted before leaving the user, stored as encrypted blobs, and accessed through a TEE-backed system. 🛡️ Agents don’t hold raw keys. They request access when needed. 🤖 The cloud platform never has custody of credentials, but agents can still operate normally.

AgentKeys is what happens when the Heima stack is applied to a real user workflow. Chain stores everything persistent, TEE holds all private keys, clients hold only bearer tokens, and credentials are brokered instead of proxying operations. 🔑 All combined, you get credentials that aren’t shared across environments, with access revocation + audit trails as part of the default flow. Join the waitlist 👉 agentkeys.heima.network

AgentKeys is our second product built on the Heima stack, following @wildmetaHQ. It targets a growing issue in agent workflows: credential management. With AgentKeys’ approach, credentials are: 🔷Mapped to user, agent, service 🔷Encrypted client-side and stored as encrypted blobs 🔷Access via TEE, with clients only using bearer tokens This changes how agents interact with external services: ✅Credentials are brokered, not copied into multiple environments ✅Revocation propagates quickly across all connected services ✅ Auditability is part of the system design, not an afterthought Public alpha opens soon. Join the waitlist 👉 agentkeys.heima.network

At Heima we believe private keys, identity, and audit trails shouldn’t live in any one place you have to trust. 💡They belong in a chain + TEE stack. AgentKeys brings that model to AI agents with scoped credentials, instant access revocation, and built-in audit trails. 🤖🔑 Each agent gets its own identity and controlled access, without users ever needing to deal with the underlying complexity. 🚀 Early access opens soon. If you’re building agents, join the waitlist to be in the first wave 👉agentkeys.heima.network

If you’re building agents, you’re probably still using .env. One file for your GitHub token, OpenRouter key, API creds… everything. Fine at first, but breaks the moment multiple agents touch different tools. ❌ There’s no isolation, no clean revocation, no visibility. Not just messy, also a security Risk. AgentKeys gives your agents identities of their own. 💳 One command stores a credential scoped to a specific agent. The agent reads it over MCP. Another command revokes access in under six seconds across every tool the agent was touching. Building agents? Join the waitlist 👉 agentkeys.heima.network

There have been a few high impact security incidents this April. Drift at the beginning of the month, and now the KelpDAO exploit. Same reminder every time: capital security comes first. 💰 As the agentic economy scales, this doesn’t change. If agents are accessing your capital, they should operate within permissions you define. 🛡️

Most agents today are still black boxes. But in the agentic economy, when agents act on our behalf, we shouldn’t be giving up control. We should be defining it: 🔹knowing exactly what an agent can access 🔹constraining how and where it executes 🔹being able to verify every action it takes onchain

This is a tough situation we all have to take seriously today. It’s becoming a real pattern: compromised third party AI tools with OAuth access As tools and agents integrate deeper into our workflows, permission control becomes foundational.

Permission control = capital protection.🛡️💰 We’ve seen how fast things can move when markets are volatile. In those moments, agent permission control isn’t optional. Define what an agent can access. Limit how much it can deploy. Constrain where and how it acts. 🦦Powerful automation, kept under control.

As agents evolve, they access personal data and manage capitals. But without privacy assurances, none of this scales. This is why Heima’s infrastructure is evolving with it. 🔹 user-defined permission controls 🔹 isolated, secure execution environments 🔹 Secure Vault and Private Knowledge Hub for agent memory

Why do agents need granular, user-defined permissions? 🤔 Data leaks don’t always look like hacks, system wide access can create silent risks. Without clear boundaries, agents operate with too much power and too little control. User-defined permissions change that. You decide what an agent can access, whether it can use your keys, and where it stops. 🛡️

Most agents today execute in open environments. As they get more capable each day, the risk of data leaks also increases. For the agentic economy to scale, execution needs to be isolated and secure. 🔐🛡️ Sensitive data, keys, and logic shouldn’t be left in the open.

Controlled permissions within user-defined boundaries. Isolated, secure execution environments. Every step verifiable on-chain. That’s how trust is built in the agentic economy. 🛡️🦦