Until today, giving an agent the ability to act meant handing over your passwords, API keys, private keys, credit card numbers, and secrets — and hoping nothing went wrong. Gatekeeper changes that.
"How do I give my agent access to Stripe and AWS without hardcoding my API keys? There's no safe way to do this."
"My agent made 47 API calls and ran up a $200 bill before I noticed. I need spend controls that actually work."
"Prompt injection exfiltrated my AWS keys and private key. The agent had no idea it happened."
Three independent gates inside an AWS Nitro Enclave that neither you nor we can reach. Your credentials are encrypted on your device before they ever touch our servers. Actions execute inside. Nothing sensitive ever leaves.
You encrypt client-side. We store ciphertext. Even a full platform compromise — ours or an attacker's — exposes nothing. This is what zero-knowledge actually means.
Your agent gets a scoped, time-limited token — never the credential itself. The action runs inside the enclave. Only the result comes back.
Spend limits, IP restrictions, merchant categories, rate caps — per secret. Every action is logged. Revoke any agent instantly, effective on the next request.
| Capability | Password managers | Enterprise PAM | Gatekeeper |
|---|---|---|---|
| Agent never receives the credential | — | — | ✓ |
| Zero-knowledge — operator can't read it either | — | — | ✓ |
| Execution inside hardware-attested enclave | — | — | ✓ |
| Per-agent spend caps & rate controls | — | partial | ✓ |
| Instant token revocation | ✓ | ✓ | ✓ |
| Built for agentic AI workflows | — | — | ✓ |