If you have read enough about AI agent security, you keep hitting the same recommendation: "use a credential broker." It is the right answer — but almost nobody explains what the thing actually is. Here is the plain version, and how to tell whether you need one.
The one-sentence definition
A credential broker is a piece of software that holds your real API keys and OAuth tokens in one place, and hands each AI agent its own scoped, revocable credential instead of the raw secret. The agent talks to the broker; the broker talks to the real service. The agent never sees your actual key.
That is the whole idea. Everything good about it follows from "the agent never holds the real secret."
What problem it solves
Without a broker, every agent you run ends up holding live keys — usually the same shared key, copied into config after config. That is credential sprawl, and it means a single leak compromises everything. The broker collapses that mess into one controlled chokepoint:
- One place your secrets live, instead of scattered across a dozen agent configs.
- One identity per agent, so you can tell who did what and cut one without touching the rest.
- One action to revoke, instead of rotating a shared key and redeploying every agent.
It is the difference between "I gave my agents my keys and I'm nervous" and "every agent has exactly the access I granted, and I can pull any plug instantly."
How it works, step by step
- You connect your real accounts to the broker once (OpenAI, GitHub, cloud, etc.).
- The broker stores those real credentials securely, in one place you control.
- Each agent gets its own scoped credential — a key that only works through the broker, only for what you authorized.
- When an agent makes a call, the broker checks the scope, swaps in the real key behind the scenes, and forwards the request.
- If an agent misbehaves, you revoke its credential — and only its credential.
The agent does its job. The real secret never leaves the broker.
Broker vs. the alternatives
| Approach | Agent holds raw key? | Per-agent revocation? | Where secrets live |
|---|---|---|---|
| Shared key in every config | Yes | No | Everywhere |
| Per-service keys, one per agent | Yes | Manual, per provider | Many places |
| OS keychain / vault | Yes (reads it at runtime) | No | One place, but agent still sees it |
| Credential broker | No | Yes, one click | One place |
A keychain is a real step up from a flat file — but the agent still ends up holding the live secret at runtime, so it can still leak it. The broker is the only row where the agent never touches the real key. (More on that tradeoff in local-first vs cloud credential storage.)
Do you actually need one?
You need a broker if any of these are true:
- You run more than one agent, especially always-on ones.
- You have ever pasted the same key into multiple agents.
- You could not revoke a single misbehaving agent right now without rotating a shared key.
- You run agents that read untrusted content (web pages, emails, issues) — i.e. anything exposed to prompt injection.
If none of those apply — you run exactly one agent, with one tightly-scoped key, that you can kill instantly — you may not need one yet. Everyone else does.
The local-first version
The strongest form for an individual operator is a local broker: your real keys never leave your own machine, nothing is parked in someone else's cloud.
Agent Master Key is exactly this — a local credential broker for AI agents. Connect your accounts once on your Mac, each agent gets a scoped Master Key instead of your raw credential, your real keys stay on the machine, and you revoke any agent in one click. It is the broker pattern, packaged so you do not have to build it yourself.
Bottom line
A credential broker is not exotic infrastructure — it is the missing layer between "agents are useful" and "agents are safe." It keeps your real keys in one place, gives every agent its own revocable identity, and turns a leaked credential into a non-event. If you run more than one agent, it is the single highest-leverage security change you can make.
Want someone to tell you whether your current setup needs one — and exactly what to fix? That is the $99 AI Agent Security & Setup Audit.