Stop sharing your keys with AI agents
Creddy is a self-hosted identity service that issues ephemeral, scoped credentials to AI agents. Your master secrets are never shared with the agent.

The problem
Credential management for agents is broken
You wouldn't hand an intern your root SSH key. Why give an AI agent your personal access tokens?
Overprivileged agents
Agents get your personal tokens with full access. A single compromised agent exposes everything.
No visibility
No way to know which agent used which credential, when, or what it did. Auditing is impossible.
Credentials never expire
Long-lived PATs and API keys sit in .env files and agent configs indefinitely. Rotation is manual.
How it works
Three steps to secure agent credentials
Create an agent identity
Register each agent with its own scoped permissions. Creddy generates a unique API key and optional GPG signing key.
    # Create an agent identity
    creddy agent create deploy-bot --can github
    # → ckr_abc123...

Agent requests credentials
When the agent needs access, it authenticates with its key and requests an ephemeral token scoped to the service it needs.
    # Agent requests ephemeral token
    export CREDDY_TOKEN=ckr_abc123
    creddy get github --ttl 10m
    # → ghs_xxxxx (expires in 10 minutes)

Token expires automatically
Tokens are short-lived by default. Every request is logged. The agent never sees your master credentials.
    # Full audit trail
    creddy audit list --agent deploy-bot
    # → 2024-01-15 14:23 github ghs_xxxxx expired
    # → 2024-01-15 14:33 github ghs_yyyyy expired

Features
Built for production
Ephemeral credentials
Tokens expire automatically with configurable TTL. Default is 10 minutes. No stale secrets.
Agent isolation
Each agent gets scoped permissions. Agents never see master secrets or each other's credentials.
GPG signing keys
Every agent gets its own GPG key for commit signing. Attributable, verifiable, auditable.
Full audit trail
Every credential request is logged with agent, service, timestamp, and expiration. Complete visibility.
Single binary
One binary, SQLite storage, zero external dependencies. Runs on your infrastructure, Tailscale-friendly.
Multi-backend
GitHub backend available today. AWS and Doppler coming soon. Extensible by design.
Quick start
Up and running in seconds
Single binary. No Docker required. No external services.
    # Start the Creddy server
    creddy server

    # Create an agent identity
    creddy agent create deploy-bot --can github
    # → ckr_abc123...

    # Agent requests ephemeral token
    export CREDDY_TOKEN=ckr_abc123
    creddy get github --ttl 10m
    # → ghs_xxxxx (expires in 10 minutes)
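
The three steps under "How it works" (agent identity, scoped request, automatic expiry, with an audit entry per request), modelled as an added Python example; this is not Creddy's code. The Broker class, the token layout and the HMAC that stands in for the backend's token issuance are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class Broker:
    """Toy broker: keeps the master secret, issues scoped tokens that expire."""

    def __init__(self, master_secret, clock=time.time):
        self._master = master_secret   # never returned to any agent
        self._clock = clock            # injectable so expiry can be tested
        self._agents = {}              # sha256(agent key) -> (name, allowed services)
        self.audit = []                # (timestamp, agent, service, outcome)

    def _mac(self, payload):
        return hmac.new(self._master, payload.encode(), hashlib.sha256).hexdigest()

    def create_agent(self, name, can):
        key = "ckr_" + secrets.token_hex(16)       # handed to the agent once
        digest = hashlib.sha256(key.encode()).hexdigest()
        self._agents[digest] = (name, frozenset(can))  # only the hash is stored
        return key

    def get(self, agent_key, service, ttl=600):
        now = self._clock()
        digest = hashlib.sha256(agent_key.encode()).hexdigest()
        name, can = self._agents.get(digest, ("unknown", frozenset()))
        if service not in can:                     # scope check before issuing
            self.audit.append((now, name, service, "denied"))
            raise PermissionError(f"{name} is not allowed to use {service}")
        payload = f"{name}|{service}|{int(now + ttl)}"  # constructed token layout
        self.audit.append((now, name, service, "issued"))
        return f"{payload}|{self._mac(payload)}"

    def is_valid(self, token, service):
        payload, _, mac = token.rpartition("|")
        if not hmac.compare_digest(mac.encode(), self._mac(payload).encode()):
            return False                           # forged or altered token
        _name, scope, expires = payload.rsplit("|", 2)
        return scope == service and self._clock() < int(expires)


if __name__ == "__main__":
    broker = Broker(master_secret=b"constructed-master-secret")
    key = broker.create_agent("deploy-bot", can=["github"])
    token = broker.get(key, "github", ttl=600)
    print(broker.is_valid(token, "github"), broker.audit)
```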