Secrets, granted per agent.
vault9 will make secrets and credentials first-class: per-agent grants, rotation, and sealed delivery at the network edge. It promotes drive9's secrets vault and run9's sealed secrets into one product — so giving an agent a key is a grant, not a copy-paste.
A key an agent can use, but never hold.
Put a secret in once and grant a specific agent a specific credential — scoped and revocable. vault9 will deliver it sealed at the network edge, so the value reaches the call without ever being written to disk or pasted into a config. Rotate it in one place and every grant follows.
# preview — vault9 is coming soon $ vault9 put OPENAI_KEY ✓ stored · encrypted at rest $ vault9 grant --agent alice aws → alice can use the aws credential · scoped + revocable $ vault9 get OPENAI_KEY → delivered sealed · never written to disk
Store. Grant. Deliver.
vault9 will make handing an agent a credential a deliberate, revocable act.
Put a secret once
Keep keys and credentials in one place, encrypted at rest, with rotation handled centrally instead of scattered through env files.
Per-agent access
Grant a specific agent a specific credential — scoped to what it needs and revocable the moment it doesn't, with no broad shared secret.
Sealed at the edge
Secrets arrive sealed at the network edge, used by the call but never written to disk — the same model run9 uses for sealed secrets today.
The credential layer under the stack.
vault9 builds on the sealed-secret model run9 and drive9 already use.
Sandboxes
The sealed-secrets-at-the-edge model vault9 promotes into a product of its own.
run9 → drive9Object storage
Drive9's secrets vault and per-agent grants graduate into vault9.
drive9 → db9Postgres database
Hold the database credentials your agents are granted, never copied.
db9 → owl9Observability
See which agent was granted which secret, and when it was used.
owl9 →First-class secrets for your agents.
vault9 is on the way. Request early access and we'll reach out when per-agent secrets open up.