Coming Soon

VelvetGlove
Secrets never in memory

Runtime secret injection proxy for AI agents. Keep API keys secure while staying fast and flexible.

OpenClaw (dummy keys)
VelvetGlove Proxy (injects real keys)
LLM Provider (OpenAI, Anthropic, etc.)

The Problem

AI agents need API keys to function, but storing secrets in config files creates serious security risks.

Memory Exposure

Secrets loaded at startup remain in memory, vulnerable to dumps.

Log Leakage

Debug logs can accidentally expose keys to disk or monitoring.

Agent Hijacking

Prompt injection can exfiltrate credentials from the agent.

How VelvetGlove Solves It

1. Runtime Injection

Replace dummy keys with real ones at request time—never before.

2. Memory-Free

Real keys never enter agent process memory. They exist only in transit.

3. Provider Agnostic

Works with OpenAI, Anthropic, Google, and any HTTP-based API.

4. Defense in Depth

DNS rebinding protection, IDNA canonicalization, header scrubbing, and more.
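
An added sketch of the request-time swap and the checks listed above, not VelvetGlove's own code: the secret table, the function names, the scrubbed-header set and the caller-supplied `resolved_ips` list are assumptions made for illustration.

```python
import ipaddress

# Constructed data: dummy token -> (real secret placeholder, hosts it may be sent to).
SECRETS = {"sk-dummy-openai": ("sk-REAL-PLACEHOLDER", {"api.openai.com"})}
# Assumed scrub list: headers that should not be forwarded upstream.
SCRUB = {"cookie", "proxy-authorization", "x-forwarded-for"}


def canonical_host(host):
    """Lower-case, drop the trailing dot and IDNA-encode the host.

    Non-ASCII look-alike labels become visible xn-- labels, so they
    cannot match an ASCII allowlist entry.
    """
    return host.strip().rstrip(".").lower().encode("idna").decode("ascii")


def inject(host, headers, resolved_ips):
    """Return the headers to forward upstream, or raise PermissionError."""
    try:
        host = canonical_host(host)
    except UnicodeError as exc:
        raise PermissionError(f"bad host name: {exc}") from exc
    hdrs = {k.lower(): v for k, v in headers.items()}
    scheme, _, token = hdrs.get("authorization", "").partition(" ")
    if token not in SECRETS:
        raise PermissionError("unknown dummy key")
    real, allowed_hosts = SECRETS[token]
    # SSRF / homograph check: a key is only released to its own hosts.
    if host not in allowed_hosts:
        raise PermissionError(f"{host} may not receive this key")
    # DNS rebinding check: every address resolved for the host must be
    # public, and the connection must then use these vetted addresses.
    if not resolved_ips or not all(
        ipaddress.ip_address(ip).is_global for ip in resolved_ips
    ):
        raise PermissionError("destination resolves to a non-public address")
    out = {k: v for k, v in hdrs.items() if k not in SCRUB}
    out["authorization"] = f"{scheme} {real}"  # the real key exists only here
    return out
```

The agent process only ever holds `sk-dummy-openai`; a prompt-injected request that points the same dummy key at another host, a look-alike name or an internal address is refused before the real value is attached.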

Security Guarantees

Secrets never in config files
Secrets never in agent memory
Secrets never in logs
DNS rebinding protection
SSRF prevention
Homograph attack defense

Roadmap

v1.0: Secret Management (Shipping Soon)

Runtime injection, provider support, core security

v1.1: Security Hardening

Audit logging, enhanced monitoring

v2.0: Enterprise Features

HMAC auth, multi-user support

v3.0: Payment Safety

Payment safety platform

Get Early Access

VelvetGlove v1.0 is shipping soon. Star the repo to stay updated, or reach out to get early access.