Vault54

Core Rule

No raw secrets to agents. No secrets in logs, browser memory, or prompts.

No production credentials outside sealed runtime. Vault54 is the only authorized broker.

Secret Flow

Agent requests secret

step 1

Vault54 brokers access

step 2

Secret Shield redacts

step 3

Audit54 records usage

step 4

GOV54 approves sensitive scope

step 5

Brokered Secrets

Stripe API Key

Payment Provider

Scope

treasury

Last Access

2026-05-22

● brokered

MCP Server Token

MCP Credentials

Scope

atlas-54

Last Access

2026-05-23

● brokered

Postgres URL

Database

Scope

vault54

Last Access

2026-05-22

● brokered

Cloud Deploy Key

Cloud

Scope

ops

Last Access

2026-05-21

● brokered

OAuth Token: Gmail

OAuth Tokens

Scope

ledger-54

Last Access

2026-05-23

● brokered

Wallet Service Key

Wallet Service

Scope

vault54

Last Access

2026-05-23

● brokered

Bitwarden Secrets Manager · placeholder integration. Secrets are never returned to agent context; only short-lived brokered handles flow through the execution harness.

No raw secrets to agents. Ever.

No raw secrets to agents. No secrets in logs, browser memory, or prompts.

Secret Flow

Brokered Secrets