Airlock is a multi-tenant vault with a just-in-time access broker. Agents request, humans approve, secrets unlock once — then the door closes.
Hand an AI agent a long-lived credential and you've handed it standing, plaintext access to production. One leaked token, one prompt-injected agent, one over-permissioned CI bot — and the secret is gone, silently.
A real airlock has two doors that are never open at the same time. Airlock works the same way — the outer door (the request) and the inner door (the reveal) never open together.
An agent asks for a secret by path, with a required reason. No plaintext is returned — a request is opened.
A human approves from their phone, the web console, or the terminal — with optional OTP or number-matching.
Approval mints a single-use grant. The agent exchanges it for the plaintext exactly once.
The grant is burned, the window expires, and an immutable audit entry is written. No residue.
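The four steps above, run end to end as an added example. This is illustrative code written for this page, not Airlock's implementation: the `Broker` class, its method names, the event names in the audit log and the secret value are all constructed here. It keeps everything in memory and accepts an injectable clock so the expiry path can be exercised.

```python
import fnmatch
import secrets
import time


class Broker:
    """In-memory stand-in for a just-in-time access broker (constructed for this
    example; not the Airlock implementation). Two doors: request() never returns
    plaintext, reveal() returns it once per grant and burns the grant."""

    def __init__(self, grant_ttl=30.0, clock=time.time):
        self.clock = clock            # injectable so expiry can be tested
        self.grant_ttl = grant_ttl    # seconds a minted grant stays redeemable
        self.vault = {}               # path -> plaintext (encryption at rest omitted here)
        self.tokens = {}              # agent token -> {agent, scope glob such as "prod/*"}
        self.requests = {}            # request id -> {agent, path, reason, status}
        self.grants = {}              # grant id -> {path, expires}; entries are popped on use
        self.audit = []               # append-only list of events

    def _log(self, event, **fields):
        self.audit.append({"ts": self.clock(), "event": event, **fields})

    def store(self, path, value):
        self.vault[path] = value

    def issue_token(self, agent, scope):
        token = secrets.token_urlsafe(24)
        self.tokens[token] = {"agent": agent, "scope": scope}
        self._log("token.issued", agent=agent, scope=scope)
        return token  # shown once to the operator; only its scope is kept here

    # Outer door: the agent asks by path with a reason. Nothing secret comes back.
    def request(self, token, path, reason):
        holder = self.tokens.get(token)
        if holder is None:
            self._log("request.refused", path=path, outcome="unknown token")
            raise PermissionError("unknown agent token")
        if not fnmatch.fnmatchcase(path, holder["scope"]):
            self._log("request.refused", agent=holder["agent"], path=path, outcome="out of scope")
            raise PermissionError(f"token scope {holder['scope']!r} does not cover {path!r}")
        if not reason.strip():
            raise ValueError("a reason is required")
        rid = secrets.token_urlsafe(8)
        self.requests[rid] = {"agent": holder["agent"], "path": path, "reason": reason, "status": "pending"}
        self._log("request.opened", request=rid, agent=holder["agent"], path=path, reason=reason)
        return rid

    # Human decision. Approval mints a single-use, time-boxed grant.
    def approve(self, approver, rid):
        req = self.requests[rid]
        if req["status"] != "pending":
            raise ValueError(f"request {rid} already {req['status']}")
        req["status"] = "approved"
        gid = secrets.token_urlsafe(24)
        self.grants[gid] = {"path": req["path"], "expires": self.clock() + self.grant_ttl}
        self._log("request.approved", request=rid, approver=approver, grant=gid)
        return gid

    def deny(self, approver, rid):
        req = self.requests[rid]
        if req["status"] != "pending":
            raise ValueError(f"request {rid} already {req['status']}")
        req["status"] = "denied"
        self._log("request.denied", request=rid, approver=approver)

    # Inner door: the grant is exchanged for plaintext exactly once. It is
    # popped before any check, so it burns on read and on expiry alike.
    def reveal(self, gid):
        grant = self.grants.pop(gid, None)
        if grant is None:
            self._log("reveal.denied", grant=gid, outcome="unknown or already used")
            raise PermissionError("grant unknown or already used")
        if self.clock() > grant["expires"]:
            self._log("reveal.denied", grant=gid, outcome="expired")
            raise PermissionError("grant expired")
        self._log("reveal.ok", grant=gid, path=grant["path"])
        return self.vault[grant["path"]]


def walkthrough(clock=time.time):
    """Run the four-step flow once and report what each door did."""
    b = Broker(grant_ttl=30.0, clock=clock)
    b.store("prod/stripe-api-key", "sk_live_CONSTRUCTED_PLACEHOLDER")  # constructed value
    token = b.issue_token("deploy-bot", "prod/*")
    rid = b.request(token, "prod/stripe-api-key", "rotate webhook signing secret")
    gid = b.approve("alice", rid)
    first = b.reveal(gid)
    try:
        b.reveal(gid)           # second exchange of the same grant
        second = "leaked"
    except PermissionError:
        second = "burned"
    return {"first": first, "second": second, "events": [e["event"] for e in b.audit]}


if __name__ == "__main__":
    print(walkthrough())
```

The point to notice is where the plaintext can exist: only in the return value of `reveal`, and only on the first call. An agent token alone yields request ids, never values, and a replayed grant id produces an audit event rather than a secret.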
A secret, sealed.
Your agent asks. A human approves.
It unlocks — once.
Sealed again. On the record.
Your agent runs a single command. Airlock opens a request, notifies an approver, waits, and hands back the secret exactly once — all without the agent ever holding standing access.
Not another password manager. A broker built for the agent era — scoped, approved, audited, and cryptographically isolated per tenant.
Agent tokens can enumerate and request — but can't read a value until a human approves and a single-use grant is minted. Compromise the token, and you've compromised nothing.
Time-boxed, one-time tokens. Burned on read or on expiry in seconds.
Policy tiers: always-approve for crown jewels, auto for low-risk paths.
Glob scopes like prod/stripe — least privilege, issued show-once.
KMS EncryptionContext binds each tenant. A DB breach can't decrypt across tenants.
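What "binds each tenant" means in practice, as an added example that is not Airlock's code. A KMS EncryptionContext is authenticated associated data: it is not secret, but the ciphertext only decrypts when the identical context is presented again. The block below models that with a stand-in key held in the "KMS" and a toy SHA-256 keystream plus HMAC tag (constructed for illustration; a real deployment would call the KMS, which uses an AEAD cipher, rather than this construction). The tenant names, paths and secret strings are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Stand-in for key material a KMS holds and never releases (constructed for this
# example). Two sub-keys are derived so the keystream and the MAC never share one.
_MASTER_KEY = secrets.token_bytes(32)
_ENC_KEY = hmac.new(_MASTER_KEY, b"enc", hashlib.sha256).digest()
_MAC_KEY = hmac.new(_MASTER_KEY, b"mac", hashlib.sha256).digest()


def _canonical(context):
    # The context is authenticated, not secret; a canonical encoding makes
    # {"tenant": "acme"} and {"tenant":"acme"} bind identically.
    return json.dumps(context, sort_keys=True, separators=(",", ":")).encode()


def _keystream(nonce, length):
    # Toy counter-mode keystream from SHA-256, for illustration only.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(_ENC_KEY + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def kms_encrypt(plaintext, context):
    """Seal with an EncryptionContext-style binding: the tag covers the context,
    so decryption succeeds only if the same context is presented."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(nonce, len(plaintext))))
    tag = hmac.new(_MAC_KEY, _canonical(context) + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def kms_decrypt(blob, context):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_MAC_KEY, _canonical(context) + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("context mismatch or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(nonce, len(ct))))


def cross_tenant_check():
    """Model a copied database: each tenant's rows are sealed under that tenant's
    context. A caller acting for tenant 'globex' cannot open tenant 'acme' rows,
    even though both rows were sealed under the same KMS key."""
    rows = {  # constructed rows
        "acme": kms_encrypt(b"sk_live_ACME_CONSTRUCTED", {"tenant": "acme", "path": "prod/stripe-api-key"}),
        "globex": kms_encrypt(b"sk_live_GLOBEX_CONSTRUCTED", {"tenant": "globex", "path": "prod/stripe-api-key"}),
    }
    own = kms_decrypt(rows["globex"], {"tenant": "globex", "path": "prod/stripe-api-key"})
    try:
        kms_decrypt(rows["acme"], {"tenant": "globex", "path": "prod/stripe-api-key"})
        cross = "decrypted"
    except PermissionError:
        cross = "refused"
    return {"own": own, "cross": cross}


if __name__ == "__main__":
    print(cross_tenant_check())
```

The defensive value is the separation of the two things an attacker needs: the database rows and a KMS caller willing to present the right context. A component that decrypts on behalf of one tenant supplies that tenant's context, and rows sealed under any other context fail the tag check before a single byte is returned. With AWS KMS the context can additionally be pinned in IAM policy conditions, so the key itself refuses cross-tenant calls.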
Every read, approval, denial, and rotation logged with actor, host, IP, and outcome.
A clean admin hub for the humans — manage the vault, action the approval inbox, and review the audit trail.
| Path | Name | Tags | Policy tier | Created |
|---|---|---|---|---|
| prod/openai-api-key | OpenAI API Key (prod) | ai, prod | Auto | 6/22/2026 |
| prod/stripe-api-key | Stripe API Key (prod) | payments, prod | Always approve | 6/22/2026 |
| staging/postgres-url | Postgres URL (staging) | database, staging | Always approve | 6/22/2026 |
A secret stored in the CLI shows up in the console and pings your watch. Same backend, same auth, same access control — different place to say yes.
Headless, CI/CD-friendly, dual-plane. The agent's step-up flow and the operator's approval — both from the terminal.
The admin hub. Manage secrets and agent tokens, work the approval inbox, and read the full audit trail.
Approve on the go with a glance and a number-match — no email, no browser. Push lands, you tap, the grant mints.
Install the CLI, issue a scoped token, and run your first brokered request in two minutes.