AgentKey flips the model. Agents start with zero access. They request tools with a reason via HTTP. A human approves once, and the credential is vended encrypted (AES-256-GCM, per-record IV) only when an agent actually fetches it — never stored by the agent itself. Every request, approval, and credential fetch is in an append-only audit log.
Two things I think are actually interesting vs existing secrets managers:
1. Agent-driven catalog. If an agent needs a tool that isn't in the catalog, it submits a suggestion with a reason. Multiple agents can back the same suggestion, so admins see aggregated demand instead of one-off tickets. That's the "wild" part that makes it feel different from Vault-style vaults.
2. License choice. BSL 1.1, auto-converting to Apache 2.0 on April 1, 2030. I wanted source-available + self-hostable without giving cloud providers a free managed service until the market shakes out. Happy to debate that choice.
Stack: Next.js 16, Drizzle + Postgres (Neon), Upstash for rate limiting, Clerk for human auth, deployed on Vercel. API keys verified with timing-safe compare. No SDK — just HTTP, so anything that can make a request works (Claude Code, Cursor, LangChain, CrewAI, custom).
Things I know are rough: no pre-seeded integration catalog (you add tools yourself, optionally via an AI-drafted setup guide from a docs URL), V1 has no RBAC inside an org, shared credential rotation is still manual. All solvable, but honest about where it is.
Free forever managed, or self-host. Would love brutal feedback — architecture, the agent-driven catalog bet, the BSL decision, threat model, anything.
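The encrypt-at-rest, decrypt-on-fetch flow and the timing-safe API key check described above, sketched with Node's built-in `crypto` as an added example; it is not AgentKey's code. The function names, the in-memory approvals set and audit array, the SHA-256 key hash, and binding the record id as GCM associated data are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed demo key; a real deployment would load 32 bytes from a KMS or env secret.
const MASTER_KEY = crypto.randomBytes(32);

// Encrypt one record under a fresh 96-bit IV. The record id is bound as AAD (assumption),
// so a ciphertext copied onto another record fails authentication.
function sealCredential(recordId, plaintext, key = MASTER_KEY) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(recordId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { recordId, iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Decrypt; decipher.final() throws if the IV, tag, ciphertext or record id was altered.
function openCredential(record, key = MASTER_KEY) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAAD(Buffer.from(record.recordId, 'utf8'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, 'base64')), decipher.final()]);
  return pt.toString('utf8');
}

// Hypothetical storage choice: keep only SHA-256 of the API key, so both sides of the
// comparison are fixed-length digests and timingSafeEqual never sees unequal lengths.
function hashApiKey(apiKey) {
  return crypto.createHash('sha256').update(String(apiKey), 'utf8').digest();
}

function verifyApiKey(presentedKey, storedHash) {
  const presentedHash = hashApiKey(presentedKey);
  return presentedHash.length === storedHash.length &&
    crypto.timingSafeEqual(presentedHash, storedHash);
}

// Vend on fetch: authenticate the agent, require a prior human approval, log the outcome,
// and only then decrypt. Denied attempts are logged too.
function fetchCredential(agent, presentedKey, record, approvals, auditLog) {
  const allowed = verifyApiKey(presentedKey, agent.keyHash) &&
    approvals.has(`${agent.id}:${record.recordId}`);
  auditLog.push({ agent: agent.id, record: record.recordId, event: allowed ? 'fetch' : 'denied' });
  return allowed ? openCredential(record) : null;
}
```
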