Your API key is in your chat history right now

The secure infrastructure layer for AI agents. Store secrets, inspect LLM traffic, and sign transactions — credentials never touch context, logs, or memory.

1,000 free requests / month · no card required

HSM-backed secretsMPC key splittingTEE-protected proxy37 MCP tools109+ EVM chainsZero secrets in contextShort-lived JWTsFull audit trailHSM-backed secretsMPC key splittingTEE-protected proxy37 MCP tools109+ EVM chainsZero secrets in contextShort-lived JWTsFull audit trail

[01]  THE PROBLEM

Before and after 1claw. The difference between hoping your key is safe and knowing it

Without 1claw
  • API keys pasted into prompts, context windows, and chat history
  • Credentials leak into logs, memory, and debug traces
  • No rotation, no audit trail, no way to revoke one agent
AI Assistantkey exposed

Use my Stripe key to check the balance.

Sure — calling the Stripe API with sk_live_51N8x…a4bQR7kJ2m

Now in the context window, logs, and memory. You can't un-paste it.

With 1claw
  • Secrets stay in the HSM — agents fetch them at runtime, never store them
  • Short-lived JWTs, scoped policies, full audit trail
  • Revoke any agent instantly — no need to rotate the secret
AI Agent · 1clawvault-secured

// Agent fetches the secret at runtime — never sees it

const secret = await client.secrets.get(vaultId, "api-keys/stripe");

const balance = await stripe.balance.retrieve();

Fetched, used, discarded — never in chat history.

Audit log: agent:cursor → api-keys/stripe

[02]  THE PLATFORM

What 1claw does. Three products, one dashboard

Vault

HSM-backed secrets for agents

  • Envelope encryption — per-secret DEKs wrapped by Cloud KMS, with optional MPC key splitting
  • Scoped policies, short-lived JWTs, full audit trail
  • SDK, CLI, 37 MCP tools — native for Claude, Cursor, GPT
Quickstart

Shroud

A TEE proxy that inspects every LLM request

  • Bi-directional inspection — request and response scored for injection, exfil URLs, and data-URI blobs
  • Multi-layer threat detection: injection, encoding, network, filesystem, social engineering, output & semantic policy
  • Unicode normalization, homoglyph detection, and PII redaction
  • Per-agent config: providers, models, token caps, blocked domains
Explore Shroud

Intents API

Sign transactions without holding keys

  • Private keys stay in HSM/TEE — agent submits intent, API signs
  • 109+ EVM chains plus native Bitcoin, Solana, XRP, Cardano, Tron
  • Per-agent guardrails, Tenderly simulation (EVM), idempotency keys
Explore Intents API

[03]  HOW IT WORKS

How it works. Three steps from zero to secure agent operations

01

Store secrets in your vault

Create vaults with optional MPC key splitting and store API keys, tokens, certificates. Each secret is envelope-encrypted with HSM-backed keys — optionally split across GCP, AWS, and Azure.

02

Register an agent, attach a policy

Give each agent its own identity with scoped permissions. Turn on Shroud for LLM inspection and the Intents API for transaction signing.

03

Your agent runs, fully secured

Secrets are fetched at runtime, LLM traffic is inspected by Shroud, and transactions are signed inside the HSM — every action on the audit log.

[04]  INTEGRATIONS

Works natively with Claude, Cursor, and GPT. Just-in-time vault access over MCP — hosted or local stdio

MCP documentation
mcp.json
{
  "mcpServers": {
    "1claw": {
      "url": "https://mcp.1claw.xyz/mcp",
      "headers": {
        "Authorization": "Bearer ocv_your_agent_api_key"
      }
    }
  }
}

By the numbers

Built to disappear from your stack. Secrets go in, nothing leaks out

0

secrets in your context window, logs, or memory

0

MCP tools, native to Claude, Cursor & GPT

0

cloud HSMs — keys split across GCP, AWS & Azure

0+

EVM chains plus BTC, SOL, XRP, ADA, TRX via Intents

Go deeper — 2026 State of Agentic AI Threats: 12 threat categories, real-world incident timelines, and defensive architecture for the agentic stack.

Read the report

Use cases

Built for every agent stack. From coding copilots to on-chain payment agents

Coding agents

Claude, Cursor & Copilot fetch API keys at runtime — never from .env files in your repo.

Trading bots

DeFi agents sign transactions through the Intents API; private keys stay in the HSM.

Support agents

Customer-facing agents get scoped credentials, with every call on the audit log.

Data pipelines

ETL and RAG jobs receive just-in-time secrets backed by short-lived JWTs.

Browser agents

Web-automation agents run behind Shroud — traffic inspected, secrets redacted.

Embedded wallets

Drop-in wallets with email login and spend policies for consumer apps.

Research agents

RAG and web-research agents read sources through Shroud, with PII redacted in flight.

Payment agents

Autonomous payment agents settle on-chain with per-transaction value caps and allowlists.

Coding agents

Claude, Cursor & Copilot fetch API keys at runtime — never from .env files in your repo.

Trading bots

DeFi agents sign transactions through the Intents API; private keys stay in the HSM.

Support agents

Customer-facing agents get scoped credentials, with every call on the audit log.

Data pipelines

ETL and RAG jobs receive just-in-time secrets backed by short-lived JWTs.

Browser agents

Web-automation agents run behind Shroud — traffic inspected, secrets redacted.

Embedded wallets

Drop-in wallets with email login and spend policies for consumer apps.

Research agents

RAG and web-research agents read sources through Shroud, with PII redacted in flight.

Payment agents

Autonomous payment agents settle on-chain with per-transaction value caps and allowlists.

Browser agents

Web-automation agents run behind Shroud — traffic inspected, secrets redacted.

Embedded wallets

Drop-in wallets with email login and spend policies for consumer apps.

Research agents

RAG and web-research agents read sources through Shroud, with PII redacted in flight.

Payment agents

Autonomous payment agents settle on-chain with per-transaction value caps and allowlists.

Coding agents

Claude, Cursor & Copilot fetch API keys at runtime — never from .env files in your repo.

Trading bots

DeFi agents sign transactions through the Intents API; private keys stay in the HSM.

Support agents

Customer-facing agents get scoped credentials, with every call on the audit log.

Data pipelines

ETL and RAG jobs receive just-in-time secrets backed by short-lived JWTs.

Browser agents

Web-automation agents run behind Shroud — traffic inspected, secrets redacted.

Embedded wallets

Drop-in wallets with email login and spend policies for consumer apps.

Research agents

RAG and web-research agents read sources through Shroud, with PII redacted in flight.

Payment agents

Autonomous payment agents settle on-chain with per-transaction value caps and allowlists.

Coding agents

Claude, Cursor & Copilot fetch API keys at runtime — never from .env files in your repo.

Trading bots

DeFi agents sign transactions through the Intents API; private keys stay in the HSM.

Support agents

Customer-facing agents get scoped credentials, with every call on the audit log.

Data pipelines

ETL and RAG jobs receive just-in-time secrets backed by short-lived JWTs.

[05]  PRICING

Start free, scale as you grow. 1,000 requests a month, free. No card required

Free

$0forever
  • 1,000 requests / mo
  • 3 vaults · 50 secrets
  • 2 agents
Start free

Pro

$29/ mo
  • 20k requests / mo
  • MPC 2-of-2 client custody
  • Platform API · Webhooks
Start trial

Team

Popular
$299/ mo
  • 200k requests / mo
  • SSO (SAML / OIDC)
  • 50 agents · 20 seats
Start trial

Business

$999/ mo
  • 500k requests / mo
  • Multi-HSM MPC 2-of-3
  • Intents API · Shroud
Subscribe

Or x402 pay-per-use on Base (USDC) — no subscription, settled on-chain per request.

Compare all plans

2026 State of Agentic AI Threats

12 threat categories. Real-world incident timelines. Defensive architecture for the agentic stack. From prompt injection at CVSS 9.6 to $1.46B supply chain compromise.

Read the reportFree download · April 2026

Secure your agents' secrets, LLM traffic, and transactions

One platform for HSM-backed secrets, TEE-inspected LLM traffic, and controlled signing — every action scoped, audited, and revocable.

No credit card required. Full audit trail included on every plan.

Building with AI? See our agent integration guide →

1Claw: Secure Infrastructure for AI Agents

1Claw is an HSM-backed secrets management and multi-chain transaction signing platform built for AI agents and humans. Agents authenticate with scoped API keys (ocv_ prefix), receive short-lived JWTs, and access only the secret paths explicitly granted by a human via policies. Free tier available: 1,000 requests/month, 3 vaults, 2 agents — no payment required.

When to use 1Claw

  • Store API keys and credentials securely (not in .env or LLM context)
  • Sign blockchain transactions without exposing private keys
  • Route LLM traffic through a TEE for secret redaction
  • Authenticate to external services using OIDC federation
  • Build platforms that provision secrets and wallets for end users
  • Inspect untrusted text for prompt injection or PII

When NOT to use 1Claw

  • General key-value storage or non-secret configuration
  • Public data, caching, or ephemeral state
  • Hosting or serving LLM models

Secret Management

HSM-backed encrypted vaults with versioning, rotation, expiry, and max-access-count. CMEK and MPC (GCP + AWS + Azure) for enterprise. Scoped access policies per agent.

Multi-Chain Signing

Sign and broadcast on Ethereum, Bitcoin, Solana, XRP (30+ tx types), Cardano, and Tron. Per-agent guardrails: address allowlists, value caps, daily limits, token restrictions.

Shroud TEE Proxy

AMD SEV-SNP enclave at shroud.1claw.xyz. Prompt injection detection, per-org secret redaction, per-agent policies. Supports OpenAI, Anthropic, Google, Mistral, Cohere.

Platform API

Bootstrap templates provision users, vaults, agents, policies, and signing keys. Embedded wallets with Email OTP and social login. Three billing models.

OIDC Federation

Exchange agent JWTs for RS256 OIDC tokens accepted by Anthropic WIF, GCP STS, AWS STS. JWKS at /.well-known/jwks.json with EdDSA and RS256.

Developer Tools

SDK: @1claw/sdk. CLI: brew install 1clawAI/tap/1claw. MCP: 37 tools via @1claw/mcp. OpenAPI 3.1 with 239 operations.

Scoped Permissions

JWT scopes grant fine-grained access. Each scope maps to specific API operations:

secrets:read — read secret values from authorized pathssecrets:write — create or update secretssecrets:rotate — server-side rotation with crypto generationagents:read — view agent config and signing keysagents:write — create, update, or delete agentsvaults:read — list and view vault metadatavaults:write — create, update, or delete vaultspolicies:read — view access policiespolicies:write — create, update, or delete policiestransactions:sign — sign without broadcastingtransactions:submit — sign and broadcastaudit:read — view audit event log