Skip to main content
Two tools for reading and writing secrets in an agent’s encrypted vault. The vault must be initialized before use.

save_secret_to_vault

Store a key-value secret in the agent’s vault.

Parameters

agentId
string
required
The agent’s unique identifier.
secretKey
string
required
The key name under which to store the secret (e.g., card_pan).
secretValue
string
required
The value to store. Encrypted before being written.
intent
object
required

Response

Returns a text confirmation: "Secret saved."

Example

{
  "agentId": "agent-abc123",
  "secretKey": "card_pan",
  "secretValue": "4111111111111111",
  "intent": {
    "message": "Storing card PAN after identity provisioning",
    "subject": "VAULT",
    "action": "CREATE"
  }
}

get_secret_from_vault

Retrieve a secret from the agent’s vault by key.

Parameters

agentId
string
required
The agent’s unique identifier.
secretKey
string
required
The key name to look up.
intent
object
required

Response

{
  "secret": "the-decrypted-value"
}

Errors

ErrorCause
Vault does not existinitialize_vault has not been called for this agentId
Secret not found in vaultNo secret exists with the given secretKey

Example

{
  "agentId": "agent-abc123",
  "secretKey": "card_pan",
  "intent": {
    "message": "Reading card PAN to complete a purchase",
    "subject": "VAULT",
    "action": "READ"
  }
}