Mint

Secrets Management Rebuilt for AI Agents

Traditional secrets managers were built for servers. AI agents have a fundamentally different threat model. Your credentials should reflect that.

Get Early Access See How It Works
Env-Bound Token 5-min TTL

The Core Problem

Long-lived credentials stored in environment variables are catastrophic for AI agents. It is like giving every driver a master key to every car on the lot.

The Server Way

Long-lived credentials

Traditional secrets managers issue static API keys stored in environment variables. When an AI agent is compromised by prompt injection or memory exfiltration:

  • Long-lived API keys in env vars
  • Shared across all agent instances
  • Manual rotation and revocation
  • Stolen = compromised forever
The Mint Way

Ephemeral by design

Mint issues short-lived tokens that are cryptographically bound to the issuing sandbox. If the agent is compromised, the blast radius is zero:

  • Env-bound token, 5-minute TTL
  • Cryptographically tied to sandbox
  • Per-agent, fully auditable
  • Stolen = already dead

Four Steps to Zero-Trust Credentials

Mint attests the runtime, issues a bound token, and gets out of the way. Your agent makes calls. The token expires. Nothing lingers.

01

Attest the environment

On startup, the Mint SDK reads the execution environment — container ID, vTPM measurement, or workload identity — and presents it to the Mint service.

02

Issue a bound credential

Mint issues a short-lived token cryptographically bound to that specific environment. No other process — in any other sandbox — can use it.

03

Token auto-expires

Credentials expire in minutes, not months. No rotation scripts. No cleanup jobs. No forgotten keys. Just a credential that is dead by design.

04

Full visibility, instant revocation

The dashboard shows every active credential in real time — which agent holds it and when it expires. Revoke any agent's access in one click.

Why Existing Tools Fall Short

Traditional secrets management assumes the attacker is outside your system. With AI agents, the runtime itself can be weaponized.

Prompt Injection

Attacker hijacks the agent's inputs

A malicious document, web page, or tool response instructs the agent to print its environment variables or call a remote server with its credentials.

Mint credentials only validate inside the attested sandbox. Exfiltrated tokens are cryptographically invalid anywhere else.

Memory Exfiltration

Secrets dumped from the agent's heap

An attacker exploits a vulnerability in the agent runtime or a dependency to read process memory — scooping up API keys stored as plain strings.

Tokens expire in minutes. By the time an attacker extracts and attempts to use one, it is already dead.

Tool-Call Chain Compromise

A malicious tool relays credentials

The agent calls a compromised tool in its chain. That tool silently forwards the agent's long-lived API key to an attacker-controlled endpoint.

Environment binding ties the credential to the issuing process. A different caller is rejected — the token verifies its own origin on every use.

Seamless Sandbox Injection

Mint integrates directly with your agent workloads. Execute your agents via the mint CLI to inject credentials on-the-fly, or import the lightweight SDK to dynamically retrieve verified credentials in attested sandboxes.

  • CLI Injection: Run mint exec to automatically issue, validate, and inject secrets without changing any code.
  • SDK Fetching: Call mint.get() inside Python, JS, or Go to retrieve credentials after an environment-binding handshake.
  • Zero Plaintext Storage: Ephemeral keys are fetched only inside verified sandboxes and auto-expire in 5 minutes.
LiteLLM LangChain OpenAI SDK Anthropic SDK CrewAI AutoGen
mint — credential issuance 
$ mint init
# Initialized local environment security sandbox (~/.mint/)

$ mint add openai OPENAI_API_KEY
Enter credential value: *********

$ mint exec openai -- python agent.py
# Token generated, verified, and raw credential injected inside subprocess:
[✓] signature    valid
[✓] expiry       valid, expires in 299s
[✓] revocation   not revoked
[✓] fingerprint  match

# Subprocess executes; raw key is securely discarded from memory on exit
from mint import agent_creds

# SDK automatically attests environment & retrieves real ephemeral key from broker
api_key = agent_creds.get("openai")

# Drop directly into LangChain ChatOpenAI
llm = ChatOpenAI(api_key=api_key)

# Or use with any LLM library (e.g. LiteLLM)
resp = litellm.completion(
    model="gpt-4o",
    api_key=api_key,
    messages=[{"role": "user", "content": prompt}]
)
import { agentCreds } from '@puremetrics/mint';

// SDK automatically attests environment & retrieves real ephemeral key from broker
const apiKey = await agentCreds.get('openai');

// Drop directly into the OpenAI SDK
const openai = new OpenAI({ apiKey });

const resp = await openai.chat.completions.create({
    model: "gpt-4o",
    messages: [{ role: "user", content: prompt }]
});
import "github.com/puremetrics/mint"

// SDK automatically attests environment & retrieves real ephemeral key from broker
apiKey, err := mint.Get("openai")
if err != nil { log.Fatal(err) }

// Drop directly into the OpenAI Go client
client := openai.NewClient(
    option.WithAPIKey(apiKey),
)

Works with Every Library

Mint is a drop-in credential layer — not a framework replacement. Works with any library that accepts an API key.

Capabilities

Everything you need to secure agent credentials at runtime. Built for teams shipping agents to production.

Environment Binding

Credentials are cryptographically tied to the issuing execution environment — container ID, vTPM attestation, or workload identity. A stolen token is rejected everywhere else.

Auto-Expiry

Configurable TTL — default 5 minutes. No rotation scripts. No forgotten keys. No revocation ceremonies. Credentials are dead by design the moment they're no longer needed.

Live Dashboard

See every active credential in real time — which agent holds it, which sandbox it's bound to, and exactly when it expires. Full fleet visibility at a glance.

Instant Revocation

Kill any agent's credentials in one click — no key rotation required, no propagation delay. The credential is invalidated at the Mint service layer immediately.

Full Audit Trail

Immutable log of every credential issuance, use, expiry, and revocation — with the attested environment identity attached. Export for compliance or incident response.

Zero-Trust Runtime

No implicit trust — every credential request is attested before issuance. Works alongside your existing secrets manager: Vault, AWS Secrets Manager, or GCP Secret Manager.

Be First to Secure Your Agents

Early access opens to a limited cohort of teams running agents in production. No spam. No commitments. We'll reach out when Mint is ready for your stack.

by Pure Metrics AI