did:sigilum:{human}namespace:{service}API provider#{agent}agent fingerprint

Stop risking your API keys with AI agents.

Sigilum lets your agents access services without ever touching your API keys. Approve what they can do, revoke access anytime.

Create AccountHow It Works
Works with OpenClaw and every major agent framework.
OpenClawLangChainCrewAIVercel AI SDKGoogle ADKOpenAI Agents+ any framework

The Problem

Your agent has your keys. That's the risk.

Every agent framework works the same way: you paste your API keys into a .env file and the agent uses them as you. If the agent is compromised, your keys are compromised. If it goes rogue, it has full access. The service can't tell the difference.

.env · today
OPENAI_API_KEY=sk-proj-8kF3x...a9Qm
STRIPE_SECRET_KEY=sk_live_51N...xYz
BANK_API_TOKEN=pat_4f8b2c...d71e
# the agent has YOUR keys. it IS you.
with Sigilum
identity:    did:sigilum:tyllen:claude#a3bf
signed_with: ed25519:nMBM...Kx9P
authorized:  true <- approved by human
# no API keys exposed. agent never has your secrets.
Without Sigilum

Shared secrets everywhere

Agent holds your API keys. If compromised, the attacker has full access to your accounts.

With Sigilum

Agent never touches your keys

Agent authenticates on its own. Your API keys stay with you, not in a .env file an agent can read.

Without Sigilum

No way to revoke one agent

You rotate the API key and every integration breaks. All-or-nothing access control.

With Sigilum

Revoke one agent, keep the rest

Cut off one agent without rotating your API keys or breaking every other integration.

Without Sigilum

Service can't tell human from agent

Same credentials, same access. No audit trail of what the agent did vs. what you did.

With Sigilum

You see exactly what each agent did

Every API call is attributable. Know which agent made it, who approved it, and when.

How It Works

Request. Approve. Verify.

1
Agent requests access

Agent generates an Ed25519 keypair and requests access to a service.

2
Human approves

The human reviews and approves with a passkey. The authorization goes on chain.

3
Service verifies

Agent signs requests. Service verifies the signature against the on-chain registry.

did:sigilum:johndee                     <- namespace (the human)
  |-- acmebank                          <- service
  |     |-- ed25519:nMBM... (approved)  <- agent public key
  |-- dataapi
  |     |-- ed25519:Kx9P... (approved)
  |-- emailservice
        |-- ed25519:Qm7R... (pending)
DID: did:sigilum:johndee:acmebank#a3bf4f1b2b0b822cd15d6c15b0f00a08

A namespace is your account. An authorization links an agent key to a service under your namespace. Only you can approve or revoke with your passkey. Verification is offline. Ed25519 signatures are checked locally with built-in replay protection. No runtime dependency on Sigilum.

Integrate

Set up Sigilum for OpenClaw in minutes.

Stop handing API keys to your agents. One install command, one approval, and your agents access services without your secrets. Works with LangChain, Vercel AI SDK, CrewAI, Google ADK, and other stacks too.

1Sign up for a Sigilum account and reserve your namespace.
2Run on the machine where your agent is hosted:
curl -fsSL https://github.com/PaymanAI/sigilum/releases/latest/download/install-curl.sh | bash
source ~/.zshrc
sigilum gateway start --namespace <your-namespace>
3Pair your gateway from the dashboard and add providers.

That's it. Your agents authenticate as themselves - your API keys stay in your gateway.

Supported SDKs

TypeScript · @sigilum/sdkGo · @sigilum/sdk-goPython · @sigilum/sdk-pythonJava · @sigilum/sdk-java
Framework guides: OpenClaw, LangChain, Vercel AI SDK, CrewAI, Google ADK, OpenAI Agents

I already use API keys

But you know these are risks.

I'll just revoke the key if something goes wrong.

By the time you notice, the damage is done. A leaked API key gives an attacker full access to every service that key touches, and revoking it breaks every other integration using it. With Sigilum, you revoke one agent's key. Everything else keeps running.

My agent only runs locally. It's fine.

Your key is still in plaintext in a .env file. Any process on your machine can read it. A malicious npm package. A supply chain attack. A misconfigured Docker volume. Local doesn't mean safe. With Sigilum, the agent never has your API keys to begin with.

I use scoped API keys with limited permissions.

Better, but the service still can't tell if it's you or your agent making the call. There's no audit trail. No way to attribute actions. And when that scoped key leaks, the attacker has whatever permissions you scoped - which are usually exactly the permissions that matter.

This sounds like more complexity for my stack.

One package. Three lines of code. The agent generates its own keypair on first run. You approve it once in the dashboard with a passkey. Done. The agent handles signing automatically. It's less work than managing API key rotation.

npm install @sigilum/sdk
What if the agent's private key gets compromised?

Then only that one agent is compromised. Revoke its key, spin up a new one. Your other agents, services, and accounts are untouched. Compare that to an API key leak: every integration sharing that key is exposed. The blast radius is the entire difference.

I trust my agent framework. Isn't that enough?

The framework is fine. The problem is the credential model. LangChain, CrewAI, Vercel AI SDK: they all expect you to paste API keys. Sigilum removes your keys from the equation entirely. And it works with all of them.

The Inspiration

In 1582, John Dee created the Sigillum Dei Aemeth, a seal to authenticate communication between humans and higher intelligences.

Without the seal, you couldn't trust the channel. The seal was proof that both sides were who they claimed to be.

We're in 2026. AI agents call APIs, move money, sign contracts on behalf of humans. The question is the same: how does a service know if this agent is authorized to act on behalf of its owner?

Sigilum is an open identity registry for AI agents. Agents generate keypairs locally. Public keys are registered on chain. When an agent wants to use a service, the human approves with a passkey. Services verify the agent's signature against the registry.

Like SSH authorized_keys, but for AI agents talking to services.

Stop handing your API keys to AI agents.

Approve what agents can do. Revoke access anytime. No keys to leak.

Create AccountView on GitHub