Core Concepts
SanctumAI is built around six core concepts that work together to provide secure credential management for AI agents.
┌─────────────────────────────────────────────────────────────┐
│                            VAULT                            │
│  ┌─────────────┐  ┌──────────────┐  ┌────────────────────┐  │
│  │ Credentials │  │    Agents    │  │      Policies      │  │
│  │  (secrets)  │  │ (identities) │  │   (access rules)   │  │
│  │             │  │              │  │                    │  │
│  └──────┬──────┘  └──────┬───────┘  └─────────┬──────────┘  │
│         │                │                    │             │
│         └────────────────┼────────────────────┘             │
│                          │                                  │
│                 ┌────────▼─────────┐                        │
│                 │   Audit Events   │                        │
│                 │   (HMAC chain)   │                        │
│                 └──────────────────┘                        │
└─────────────────────────────────────────────────────────────┘
                           │
                   CRP (resolution)
                           │
                   ┌───────▼────────┐
                   │  Export Layer  │
                   │ (SIEM, S3, ...)│
                   └────────────────┘
Concepts
- Vaults – Encrypted containers that hold everything. AES-256-GCM envelope encryption.
- Credentials – The secrets themselves: API keys, tokens, passwords, certificates.
- Agents – AI agent identities with Ed25519 keypairs for authentication.
- Policies – Deny-by-default access rules with glob patterns, TTLs, and rate limits.
- Audit Events – Tamper-evident HMAC-chained log of every operation.
- CRP – Credential Resolution Protocol: how agents discover and retrieve secrets at runtime.
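
To show why an HMAC-chained log is tamper-evident, here is an added Python sketch; it is not SanctumAI's code or its on-disk audit format. The entry layout, event field names, all-zero genesis value and demo key are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # assumed chain start value
KEY = b"demo-audit-key"  # constructed key; a real one lives in the vault


def _mac(key, prev, event):
    # Canonical JSON so an event always serialises to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev + body, hashlib.sha256).digest()


def append(log, key, event):
    """Append an event whose MAC also covers the previous entry's MAC."""
    prev = bytes.fromhex(log[-1]["mac"]) if log else GENESIS
    log.append({"event": event, "mac": _mac(key, prev, event).hex()})


def verify(log, key, expected_head=None):
    """Return -1 if the chain is intact, else the index of the first break.

    expected_head is the newest MAC as recorded out of band; without it,
    dropping entries from the tail leaves a shorter but valid chain.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        try:
            stored = bytes.fromhex(entry.get("mac", ""))
        except (TypeError, ValueError):
            return i
        if not hmac.compare_digest(stored, _mac(key, prev, entry.get("event"))):
            return i
        prev = stored
    if expected_head is not None and prev.hex() != expected_head:
        return len(log)
    return -1


def demo_log():
    """Three constructed events; field names are assumptions."""
    log = []
    append(log, KEY, {"op": "credential.read", "agent": "agent-a", "path": "openai/api_key"})
    append(log, KEY, {"op": "policy.update", "agent": "admin", "path": "openai/*"})
    append(log, KEY, {"op": "credential.read", "agent": "agent-b", "path": "github/token"})
    return log
```

Editing or deleting an entry breaks the chain at that index, because every later MAC was computed over its predecessor. Truncation from the tail is only caught when the verifier holds a head MAC stored somewhere the log writer cannot rewrite.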