Secure Credentials for AI Agents

Open standard for protecting API keys, tokens, and secrets. From environment variables to hardware security modules.

Read the Spec Get Started
7 Core Operations
4 Backend Types
5 Transports
agent.py 
from avp import Vault
from langchain_anthropic import ChatAnthropic

# Connect to hardware vault
vault = Vault("avp+usb:///dev/ttyACM0")
vault.authenticate(pin="******")

# API key from secure hardware
api_key = vault.retrieve("anthropic_api_key")

# Use with AI framework
llm = ChatAnthropic(api_key=api_key)
response = llm.invoke("Hello, Claude!")

The Problem

Environment Variables

Leaked in logs, process dumps, and error messages. Visible to any process on the system.

Config Files

Accidentally committed to git. Backed up to cloud. Readable by other users.

Secret Managers

Still software-based. Single point of failure. Complex setup and maintenance.

The Solution

AVP provides a unified interface for credential management across all security levels

Universal Protocol

One API for file-based, keychain, hardware, and remote backends. Switch backends without changing code.

Hardware Security

Optional hardware-backed storage with TROPIC01 secure element. Keys never leave the chip.

Framework Agnostic

Works with LangChain, CrewAI, ZeroClaw, and any custom agent. Just import and use.

Open Standard

Apache 2.0 licensed. Community-driven. No vendor lock-in. Build your own implementation.

How It Works

Your Agent
LangChain / CrewAI / Custom Agent
↓ AVP Protocol
AVP Client
vault.retrieve("api_key")
↓ JSON / MCP / gRPC
Backends
File
Keychain
Hardware
Remote
DISCOVER Query capabilities
AUTHENTICATE Start session
STORE Save secret
RETRIEVE Get secret
DELETE Remove secret
LIST List secrets
ROTATE Update secret

Implementations

Official clients and framework integrations

Python

avp-py

Python client library

pip install avp-py
TypeScript

avp-ts

TypeScript/Node.js client

npm install @avp/client
Rust

avp-rs

Rust client library

cargo add avp-rs
Go

avp-go

Go client library

go get avp-protocol/avp-go

Framework Integrations

LangChain Ready CrewAI Ready ZeroClaw Ready OpenClaw Ready
Coming March 2026

NexusClaw

Hardware Security Key for AI Agents

The first USB security key designed specifically for AI agents. Store your API keys in tamper-resistant silicon with TROPIC01 secure element.

  • 128 secure storage slots
  • Hardware-based signing
  • PIN protection with lockout
  • Open source firmware
View on GitHub
NexusClaw Device

Ready to Secure Your AI Agents?

Start with the specification, pick your implementation, and protect your credentials today.

Read the Specification Browse Repositories