@svpino Secrets are hard locally. Doing two things about this. I use the cross-keychain package for all secrets on OpenClaw. JIT inject to any local build/task. Not great still, but better than nothing. And I’m building an OpenID4VC wallet for agent credentials and 2FA mechanics, DPoA, etc.
Your agents can work autonomously, but they still use a hardcoded API key stored in a configuration file.
Let that sink in.
We are building autonomous machines with access to our most critical infrastructure, and securing them with a password on a sticky note.
This is crazy.
Identity is one of the biggest problems with agents right now.
Deployed agents touch real infrastructure: databases, APIs, file systems, MCP servers, and other internal services. These agents act autonomously, make decisions, and access live resources.
The "solutions" I usually see:
• Hardcoded API keys and persistent credentials in config files
• Shared service accounts with way too many permissions
• Long-lived credentials that never get rotated
• Zero visibility into which agents accessed what data
This might work for traditional software, but agents are a completely different animal.
Agents operate continuously, make non-deterministic decisions, and follow different execution paths every time they run.
The old identity models built around static roles and long-lived secrets simply don't fit.
AI agents are getting powerful fast.
Security is now the main bottleneck.
The next big OSS movement will be about safe execution, governance, and trust around agents.
#OpenClaw #claude #ai