Overview

Keyless is the missing security layer for AI agents: a secure, agent-native way to use API keys at runtime.

The problem

Most teams still use fragile patterns:

• keys in .env files
• secrets pasted into prompts
• hardcoded tokens in scripts
• shared credentials across teams

These break down with agents:

• agents need keys but can’t be trusted with raw secrets
• rotation and revocation are painful
• there’s no native way for agents to pay for API usage

What Keyless provides

Keyless combines three primitives:

• Vault — encrypted API key storage (wallet-encrypted, encrypted at rest, wallet-only decrypt)
• Wallet-based auth — Sign-In with Ethereum (SIWE) + ephemeral access (JWT)
• x402 micropayments — pay-per-request, usage limits, and on-chain tracking (Permit2)

Why it’s different

Traditional secret managers were built for centralized backends.

Keyless is built for:

• agents and developer tools
• delegated access (scoped, revocable, expiring)
• crypto-native billing (per request)

Marketplace model

• Owners publish services (upstream URL + schema + pricing + limits)
• Agents consume services (call the x402 gateway/proxy; handle 200 vs 402)
• Agents can still build products by composing services into workflows

Next: Quickstart.