# Secrets Broker
wl-secrets-broker is a policy-enforced secrets management service that issues scoped, time-limited Secret Capability Tokens (SCTs). Agents never see raw API keys — credentials are injected at the proxy layer.
## How It Works

1. wl-proxy receives an agent's API request.
2. wl-proxy requests credentials from wl-secrets-broker.
3. wl-secrets-broker checks authorization via wl-apdp.
4. If authorized, wl-secrets-broker issues an SCT and retrieves the credential from OpenBao.
5. wl-proxy injects the credential into the upstream request.
6. Every step of the exchange is written to the audit trail.
## Secret Capability Tokens (SCTs)
SCTs are the core primitive for credential access:
| Property | Description |
|---|---|
| Ed25519 signed | Cryptographically verifiable |
| Time-limited | Expire after a configurable TTL |
| Single-use (JTI) | Consumed on first use, cannot be replayed |
| Scope-limited | Bound to a specific agent, action, and resource |
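The issue-then-redeem path from the flow above, together with the four SCT properties in the table, as an added example in Go. This is illustrative code written for this page, not wl-secrets-broker's implementation: the claim names, the `base64url(claims JSON).base64url(signature)` token layout, and the in-memory JTI store are assumptions, since the page does not specify the broker's wire format. Checks run in the order signature, expiry, scope, replay, so a token that fails an earlier check is never consumed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"sync"
	"time"
)

// SCT claims. Field names and the token layout are assumptions for this example.
type SCT struct {
	JTI      string `json:"jti"`      // unique token id, consumed on first redemption
	Agent    string `json:"agent"`    // principal the token is bound to
	Action   string `json:"action"`   // e.g. "access_secret"
	Resource string `json:"resource"` // e.g. "openai-api-key"
	Expires  int64  `json:"exp"`      // unix seconds
}

var (
	ErrBadSignature = errors.New("sct: invalid signature or encoding")
	ErrExpired      = errors.New("sct: expired")
	ErrScope        = errors.New("sct: scope mismatch")
	ErrReplayed     = errors.New("sct: jti already consumed")
)

// Broker holds the Ed25519 signing key and the in-memory set of consumed JTIs.
type Broker struct {
	priv ed25519.PrivateKey
	pub  ed25519.PublicKey
	mu   sync.Mutex
	used map[string]int64 // jti -> exp, so entries can be dropped once they expire
}

func NewBroker() (*Broker, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Broker{priv: priv, pub: pub, used: map[string]int64{}}, nil
}

// Issue mints a token bound to (agent, action, resource) that expires after ttl.
// Layout: base64url(claims JSON) "." base64url(Ed25519 signature over the JSON).
func (b *Broker) Issue(agent, action, resource string, ttl time.Duration, now time.Time) (string, error) {
	jti := make([]byte, 16)
	if _, err := rand.Read(jti); err != nil {
		return "", err
	}
	body, err := json.Marshal(SCT{JTI: hex.EncodeToString(jti), Agent: agent, Action: action,
		Resource: resource, Expires: now.Add(ttl).Unix()})
	if err != nil {
		return "", err
	}
	enc := base64.RawURLEncoding
	return enc.EncodeToString(body) + "." + enc.EncodeToString(ed25519.Sign(b.priv, body)), nil
}

// Redeem verifies a token against the concrete request (agent, action, resource)
// and consumes its JTI; presenting the same token twice fails with ErrReplayed.
func (b *Broker) Redeem(token, agent, action, resource string, now time.Time) (*SCT, error) {
	enc := base64.RawURLEncoding
	parts := strings.SplitN(token, ".", 2)
	if len(parts) != 2 {
		return nil, ErrBadSignature
	}
	body, err1 := enc.DecodeString(parts[0])
	sig, err2 := enc.DecodeString(parts[1])
	if err1 != nil || err2 != nil || !ed25519.Verify(b.pub, body, sig) {
		return nil, ErrBadSignature
	}
	var c SCT
	if err := json.Unmarshal(body, &c); err != nil {
		return nil, ErrBadSignature
	}
	if now.Unix() >= c.Expires {
		return nil, ErrExpired
	}
	if c.Agent != agent || c.Action != action || c.Resource != resource {
		return nil, ErrScope
	}
	b.mu.Lock()
	defer b.mu.Unlock()
	for jti, exp := range b.used { // expired tokens are rejected above, so forget them
		if exp <= now.Unix() {
			delete(b.used, jti)
		}
	}
	if _, seen := b.used[c.JTI]; seen {
		return nil, ErrReplayed
	}
	b.used[c.JTI] = c.Expires
	return &c, nil
}

func main() {
	b, _ := NewBroker()
	now := time.Now()
	tok, _ := b.Issue("research-agent", "access_secret", "openai-api-key", 30*time.Second, now)
	_, first := b.Redeem(tok, "research-agent", "access_secret", "openai-api-key", now)
	_, second := b.Redeem(tok, "research-agent", "access_secret", "openai-api-key", now)
	fmt.Println(first, second) // <nil> sct: jti already consumed
}
```

The JTI set is keyed by token id and stores the expiry so it can be pruned: once a token is past `exp` it is rejected by the expiry check anyway, so remembering it no longer prevents anything. In a deployment with more than one broker or proxy instance the consumed-JTI set has to be shared, otherwise a token could be redeemed once per instance.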
## Secrets Storage
Credentials (OpenAI API keys, Anthropic API keys, etc.) are stored in OpenBao (HashiCorp Vault-compatible), running in in-memory mode — secrets are never written to disk.
The bootstrap script prompts for API keys during installation and stores them in OpenBao's KV secrets engine.
## Authorization Integration
Every credential request is authorized by wl-apdp before issuance. Cedar policies control which agents can access which credentials:
```cedar
permit(
  principal == Agent::"research-agent",
  action == Action::"access_secret",
  resource == Secret::"openai-api-key"
) when {
  context.intent_category == "DataAnalysis" &&
  context.goal_status == "Active"
};
```
## Webhook Authentication
wl-secrets-broker supports HMAC-SHA256 authenticated webhook callbacks for audit integration with external systems.
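An added example in Go of how HMAC-SHA256 webhook authentication works on both sides: the sender signs the callback and the receiving audit system verifies it. This is illustrative code written for this page, not wl-secrets-broker's code. The header layout `t=<unix seconds>,v1=<hex mac>`, the inclusion of the timestamp under the MAC, and the five-minute tolerance window are assumptions; the page states only that callbacks are HMAC-SHA256 authenticated.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Header layout "t=<unix seconds>,v1=<hex mac>" and the replay window are
// assumptions for this example.
const maxSkew = 5 * time.Minute

var (
	ErrMalformed = errors.New("webhook: malformed signature header")
	ErrStale     = errors.New("webhook: timestamp outside tolerance")
	ErrMismatch  = errors.New("webhook: signature mismatch")
)

// computeMAC covers "<ts>.<body>" so the timestamp is authenticated as well:
// a captured body cannot be re-sent later with a fresh timestamp.
func computeMAC(secret []byte, ts int64, body []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(strconv.FormatInt(ts, 10)))
	mac.Write([]byte{'.'})
	mac.Write(body)
	return mac.Sum(nil)
}

// Sign builds the header value the sender attaches to an outbound audit callback.
func Sign(secret []byte, ts int64, body []byte) string {
	return fmt.Sprintf("t=%d,v1=%s", ts, hex.EncodeToString(computeMAC(secret, ts, body)))
}

// Verify is what the receiving audit system runs on each callback: parse the
// header, reject stale timestamps, recompute the MAC, compare in constant time.
func Verify(secret []byte, header string, body []byte, now time.Time) error {
	var ts int64
	var got []byte
	for _, kv := range strings.Split(header, ",") {
		k, v, ok := strings.Cut(kv, "=")
		if !ok {
			return ErrMalformed
		}
		switch k {
		case "t":
			n, err := strconv.ParseInt(v, 10, 64)
			if err != nil {
				return ErrMalformed
			}
			ts = n
		case "v1":
			mac, err := hex.DecodeString(v)
			if err != nil {
				return ErrMalformed
			}
			got = mac
		}
	}
	if ts == 0 || got == nil {
		return ErrMalformed
	}
	if d := now.Sub(time.Unix(ts, 0)); d > maxSkew || d < -maxSkew {
		return ErrStale
	}
	if !hmac.Equal(got, computeMAC(secret, ts, body)) { // constant-time comparison
		return ErrMismatch
	}
	return nil
}

func main() {
	secret := []byte("constructed-shared-secret") // constructed for this example
	body := []byte(`{"event":"sct_issued","agent":"research-agent","resource":"openai-api-key"}`)
	now := time.Now()
	h := Sign(secret, now.Unix(), body)
	fmt.Println(h)
	fmt.Println("verify:", Verify(secret, h, body, now))                       // verify: <nil>
	fmt.Println("tampered:", Verify(secret, h, []byte(`{"event":"x"}`), now)) // tampered: webhook: signature mismatch
}
```

The receiver must compute the MAC over the raw request bytes it received, not over a re-serialised copy of the parsed JSON, since any change in key order or whitespace changes the digest. `hmac.Equal` is used instead of `==` on the hex strings so that comparison time does not depend on how many leading bytes match.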