1Claw — HSM-Backed Secret Management for AI Agents

1Claw is a cloud HSM-backed secrets manager. Agents access API keys, passwords, and credentials at runtime without them ever entering the conversation context. Secrets are encrypted with keys that never leave the HSM.

API base URL: https://api.1claw.xyz
Shroud (TEE proxy): https://shroud.1claw.xyz
MCP endpoint: https://mcp.1claw.xyz/mcp
Dashboard: https://1claw.xyz
Docs: INLINECODE4

When to use this skill

- You need an API key, password, or credential to complete a task
You want to store a newly generated credential securely
You need to share a secret with a user or another agent
You need to rotate a credential after regenerating it
You want to check what secrets are available before using one
You need to sign or simulate an EVM transaction without exposing private keys
You want TEE-grade key isolation for transaction signing (use Shroud at shroud.1claw.xyz)

Setup

Option 0: Self-enrollment (new agents)

If you don't have credentials yet, self-enroll — this sends them to your human:

CODEBLOCK0

The human receives the Agent ID + API key by email. They then configure policies for your access.

Option 1: MCP server (recommended for AI agents)

Add to your MCP client configuration. Only the API key is required — agent ID and vault are auto-discovered.

CODEBLOCK1

Optional overrides: ONECLAW_AGENT_ID (explicit agent), ONECLAW_VAULT_ID (explicit vault).

Hosted HTTP streaming mode:

CODEBLOCK2

Option 2: TypeScript SDK

CODEBLOCK3

CODEBLOCK4

Option 3: Direct REST API

Authenticate, then pass the Bearer token on every request.

CODEBLOCK5

Alternative: 1ck_ API keys (personal or agent) can be used directly as Bearer tokens — no JWT exchange needed.

Authentication

Agent auth flow

1. Human registers an agent in the dashboard or via POST /v1/agents with an auth_method (api_key default, mtls, or oidc_client_credentials). For api_key agents → receives agent_id + api_key (prefix ocv_). For mTLS/OIDC agents → receives agent_id only (no API key).
All agents auto-receive an Ed25519 SSH keypair (public key on agent record, private key in __agent-keys vault).
API key agents exchange credentials: POST /v1/auth/agent-token with { "api_key": "<key>" } (or { "agent_id": "<uuid>", "api_key": "<key>" }) → returns { "access_token": "<jwt>", "expires_in": 3600, "agent_id": "<uuid>", "vault_ids": ["..."] }. Agent ID is optional — the server resolves it from the key prefix.
Agent uses Authorization: Bearer <jwt> on all subsequent requests.
JWT scopes derive from the agent's access policies (path patterns). If no policies exist, scopes are empty (zero access). The agent's vault_ids are also included in the JWT — requests to unlisted vaults are rejected.
Token TTL defaults to ~1 hour but can be set per-agent via token_ttl_seconds. The MCP server auto-refreshes 60s before expiry.

API key auth

Tokens starting with 1ck_ (human personal API keys) or ocv_ (agent API keys) can be used as Bearer tokens directly on any authenticated endpoint.

MCP Tools Reference

list_secrets

List all secrets in the vault. Returns paths, types, and versions — never values.

Parameter	Type	Required	Description
INLINECODE29	string	no	Path prefix to filter (e.g. `api-keys/`)

get_secret

Fetch the decrypted value of a secret. Use immediately before the API call that needs it. Never store the value or include it in summaries.

Parameter	Type	Required	Description
INLINECODE31	string	yes	Secret path (e.g. `api-keys/stripe`)

put_secret

Store a new secret or update an existing one. Each call creates a new version.

Parameter	Type	Required	Default	Description
INLINECODE33	string	yes		Secret path
INLINECODE34

delete_secret

Soft-delete a secret. Reversible by an admin.

Parameter	Type	Required	Description
INLINECODE48	string	yes	Secret path to delete

describe_secret

Get metadata (type, version, expiry) without fetching the value. Use to check existence.

Parameter	Type	Required	Description
INLINECODE49	string	yes	Secret path

rotateandstore

Store a new value for an existing secret, creating a new version. Use after regenerating a key.

Parameter	Type	Required	Description
INLINECODE50	string	yes	Secret path
INLINECODE51

string | yes | New secret value |

getenvbundle

Fetch an env_bundle secret and parse its KEY=VALUE lines as JSON.

Parameter	Type	Required	Description
INLINECODE54	string	yes	Path to an `env_bundle` secret

create_vault

Create a new vault for organizing secrets.

Parameter	Type	Required	Description
INLINECODE56	string	yes	Vault name (1–255 chars)
INLINECODE57

string | no | Short description |

list_vaults

List all vaults accessible to you. No parameters.

grant_access

Grant a user or agent access to a vault path pattern.

Parameter	Type	Required	Default	Description
INLINECODE58	string (UUID)	yes		Vault ID
INLINECODE59

share_secret

Share a secret via link, with your creator, or with a specific user/agent.

Parameter	Type	Required	Description
INLINECODE70	string (UUID)	yes	The secret's UUID
INLINECODE71

Targeted shares (creator/user/agent) require the recipient to explicitly accept before access.

simulate_transaction

Simulate an EVM transaction via Tenderly without signing. Returns balance changes, gas estimates, success/revert status.

Parameter	Type	Required	Default	Description
INLINECODE82	string	yes		Destination address (0x-prefixed)
INLINECODE83

string | yes | | Value in ETH (e.g. "0.01") |
| chain | string | yes | | Chain name or chain ID (see Supported Chains) |
| data | string | no | | Hex-encoded calldata |
| signing_key_path | string | no | keys/{chain}-signer | Vault path to signing key |
| gas_limit | number | no | 21000 | Gas limit |

submit_transaction

Submit an EVM transaction for signing and optional broadcast. Requires intents_api_enabled.

Parameter	Type	Required	Default	Description
INLINECODE91	string	yes		Destination address
INLINECODE92

string | yes | | Value in ETH |
| chain | string | yes | | Chain name or chain ID |
| data | string | no | | Hex-encoded calldata |
| signing_key_path | string | no | keys/{chain}-signer | Vault path to signing key |
| nonce | number | no | auto-resolved | Transaction nonce |
| gas_price | string | no | | Gas price in wei (legacy mode) |
| gas_limit | number | no | 21000 | Gas limit |
| max_fee_per_gas | string | no | | EIP-1559 max fee in wei (triggers Type 2) |
| max_priority_fee_per_gas | string | no | | EIP-1559 priority fee in wei |
| simulate_first | boolean | no | true | Run Tenderly simulation before signing |

REST API Quick Reference

Base URL: https://api.1claw.xyz. All authenticated endpoints require Authorization: Bearer <token>.

Auth (public — no token required)

Method	Path	Description
INLINECODE105	INLINECODE106	Login (email + password) → INLINECODE107
INLINECODE108

/v1/auth/agent-token | Agent login (agentid + apikey) → { access_token } | | POST | /v1/auth/google | Google OAuth | | POST | /v1/auth/signup | Create account → sends verification email | | POST | /v1/auth/verify-email | Verify email token → creates user | | POST | /v1/auth/mfa/verify | Verify MFA code during login |

Auth (authenticated)

Method	Path	Description
INLINECODE119	INLINECODE120	Get current user profile
INLINECODE121

/v1/auth/me | Update profile (display_name, marketing_emails) | | DELETE | /v1/auth/me | Delete account (body: { "confirmation": "DELETE MY ACCOUNT" }) | | DELETE | /v1/auth/token | Revoke current token | | POST | /v1/auth/change-password | Change password |

Vaults

Method	Path	Description
INLINECODE132	INLINECODE133	Create vault (`{ name, description? }`) → INLINECODE135
INLINECODE136

/v1/vaults | List vaults → { vaults: [...] } | | GET | /v1/vaults/{id} | Get vault details | | DELETE | /v1/vaults/{id} | Delete vault → 204 | | POST | /v1/vaults/{id}/cmek | Enable CMEK ({ fingerprint }) | | DELETE | /v1/vaults/{id}/cmek | Disable CMEK | | POST | /v1/vaults/{id}/cmek-rotate | Start CMEK key rotation (headers: X-CMEK-Old-Key, X-CMEK-New-Key) | | GET | /v1/vaults/{id}/cmek-rotate/{job_id} | Get rotation job status |

Secrets

Method	Path	Description
INLINECODE155	INLINECODE156	Store/update secret (`{ type, value, metadata?, expires_at?, max_access_count? }`) → INLINECODE158
INLINECODE159

/v1/vaults/{id}/secrets/{path} | Read secret → { path, type, value, version, metadata } | | DELETE | /v1/vaults/{id}/secrets/{path} | Delete secret → 204 | | GET | /v1/vaults/{id}/secrets?prefix=... | List secrets (metadata only, no values) |

Agents

Method	Path	Description
INLINECODE167	INLINECODE168	Create agent → INLINECODE169
INLINECODE170

/v1/agents | List agents → { agents: [...] } | | GET | /v1/agents/{id} | Get agent | | GET | /v1/agents/me | Get current agent (self) | | PATCH | /v1/agents/{id} | Update agent (isactive, scopes, intentsapi_enabled, guardrails) | | DELETE | /v1/agents/{id} | Delete agent → 204 | | POST | /v1/agents/{id}/rotate-key | Rotate agent API key → { api_key: "ocv_..." } | | POST | /v1/agents/{id}/rotate-identity-keys | Rotate agent SSH + ECDH keypairs (user-only; keys in __agent-keys vault) |

Policies (Access Control)

Method	Path	Description
INLINECODE188	INLINECODE189	Create policy (`{ principal_type, principal_id, secret_path_pattern, permissions, conditions?, expires_at? }`)
INLINECODE191

/v1/vaults/{id}/policies | List policies for vault | | PUT | /v1/vaults/{id}/policies/{pid} | Update policy (permissions, conditions, expires_at only) | | DELETE | /v1/vaults/{id}/policies/{pid} | Delete policy → 204 |

Sharing

Method	Path	Description
INLINECODE198	INLINECODE199	Create share link
INLINECODE200

/v1/shares/outbound | List shares you created | | GET | /v1/shares/inbound | List shares sent to you | | POST | /v1/shares/{id}/accept | Accept an inbound share | | POST | /v1/shares/{id}/decline | Decline an inbound share | | DELETE | /v1/share/{id} | Revoke a share | | GET | /v1/share/{id} | Access a share (public, may require passphrase) |

Intents API (requires `intents_api_enabled`)

Method	Path	Description
INLINECODE213	INLINECODE214	Submit transaction for signing. Optional `Idempotency-Key` header for replay protection (24h TTL)
INLINECODE216

/v1/agents/{id}/transactions | List agent's transactions. signed_tx redacted unless ?include_signed_tx=true | | GET | /v1/agents/{id}/transactions/{txid} | Get transaction details. signed_tx redacted unless ?include_signed_tx=true | | POST | /v1/agents/{id}/transactions/simulate | Simulate single transaction | | POST | /v1/agents/{id}/transactions/simulate-bundle | Simulate transaction bundle |

Audit

Method	Path	Description
INLINECODE228	INLINECODE229	Query audit events

Billing

Method	Path	Description
INLINECODE230	INLINECODE231	Subscription status, usage, credit balance
INLINECODE232

Chains

Method	Path	Description
INLINECODE244	INLINECODE245	List supported chains
INLINECODE246

/v1/chains/{name_or_id} | Get chain details |

Other

Method	Path	Description
INLINECODE248	INLINECODE249	Health check → INLINECODE250
INLINECODE251

/v1/health/hsm | HSM health → { status, hsm_provider, connected } | | POST/GET/DELETE | /v1/auth/api-keys[/{id}] | Manage personal API keys | | GET/POST/DELETE | /v1/security/ip-rules[/{id}] | Manage IP allowlist/blocklist | | GET/PATCH/DELETE | /v1/org/members[/{id}] | Manage org members |

SDK Method Reference

All methods return Promise<OneclawResponse<T>>. Access via client.<resource>.<method>(...).

Resource	Method	Description
INLINECODE262	INLINECODE263	Create vault
INLINECODE264

get(vaultId) | Get vault |
| vaults | list() | List vaults |
| vaults | delete(vaultId) | Delete vault |
| secrets | set(vaultId, key, value, { type?, metadata?, expires_at?, max_access_count? }) | Store/update secret |
| secrets | get(vaultId, key) | Read secret (decrypted) |
| secrets | list(vaultId, prefix?) | List secret metadata |
| secrets | delete(vaultId, key) | Delete secret |
| secrets | rotate(vaultId, key, newValue) | Rotate secret to new version |
| agents | create({ name, description?, scopes?, expires_at?, intents_api_enabled?, token_ttl_seconds?, vault_ids? }) | Create agent → returns agent + api_key |
| agents | get(agentId) | Get agent |
| agents | list() | List agents |
| agents | update(agentId, { is_active?, scopes?, intents_api_enabled?, tx_*? }) | Update agent |
| agents | delete(agentId) | Delete agent |
| agents | rotateKey(agentId) | Rotate agent API key |
| agents | submitTransaction(agentId, { to, value, chain, ... }) | Submit EVM transaction |
| agents | simulateTransaction(agentId, { to, value, chain, ... }) | Simulate transaction |
| agents | simulateBundle(agentId, bundle) | Simulate transaction bundle |
| agents | getTransaction(agentId, txId) | Get transaction |
| agents | listTransactions(agentId) | List agent transactions |
| access | grantAgent(vaultId, agentId, permissions, { path?, conditions?, expires_at? }) | Grant agent access |
| access | grantHuman(vaultId, userId, permissions, { path?, conditions?, expires_at? }) | Grant user access |
| access | listGrants(vaultId) | List policies |
| access | update(vaultId, policyId, { permissions?, conditions?, expires_at? }) | Update policy |
| access | revoke(vaultId, policyId) | Revoke policy |
| sharing | create(secretId, { recipient_type, recipient_id?, expires_at, max_access_count? }) | Create share |
| sharing | access(shareId) | Access shared secret |
| sharing | listOutbound() | Shares you created |
| sharing | listInbound() | Shares sent to you |
| sharing | accept(shareId) | Accept inbound share |
| sharing | decline(shareId) | Decline inbound share |
| sharing | revoke(shareId) | Revoke outbound share |
| audit | query({ action?, actor_id?, from?, to?, limit?, offset? }) | Query audit events |
| billing | usage() | Current month usage |
| billing | history(limit?) | Usage event history |
| auth | login({ email, password }) | Human login |
| auth | agentToken({ agent_id, api_key }) | Agent JWT exchange |
| auth | logout() | Revoke token |
| apiKeys | create({ name, scopes?, expires_at? }) | Create personal API key |
| apiKeys | list() | List API keys |
| apiKeys | revoke(keyId) | Revoke key |
| chains | list() | List supported chains |
| chains | get(identifier) | Get chain by name or ID |
| org | listMembers() | List org members |
| org | updateMemberRole(userId, role) | Update member role |
| org | removeMember(userId) | Remove member |

OpenAPI spec for custom SDKs

The API spec is published as an npm package for generating clients in any language:

CODEBLOCK6

Ships openapi.yaml and openapi.json. Use with any OpenAPI 3.1 codegen tool:

CODEBLOCK7

SDK also re-exports generated types: import type { ApiSchemas } from "@1claw/sdk".

Supported Chains

Default chain registry (query GET /v1/chains for live list):

Name	Chain ID	Testnet
ethereum	1	no
base

8453 | no |
| optimism | 10 | no |
| arbitrum-one | 42161 | no |
| polygon | 137 | no |
| sepolia | 11155111 | yes |
| base-sepolia | 84532 | yes |

Use chain names (e.g. "base", "sepolia") or numeric chain IDs in transaction requests.

Access Control Model

Agents do not get blanket access. A human must create a policy to grant an agent access to specific secret paths.

- Path patterns: Glob syntax — api-keys/*, db/**, ** (all)
Permissions: read, write (delete requires write)
Conditions: IP allowlist, time windows (JSON)
Expiry: Optional ISO 8601 date

If no policy matches → 403 Forbidden. Vault creators always have full access (owner bypass).

Vault binding and token scoping

Agents can be restricted beyond policies:

- vault_ids: Restrict the agent to specific vaults. If non-empty, any request to a vault not in the list returns 403.
token_ttl_seconds: Custom JWT expiry per agent (e.g., 300 for 5-minute tokens).
Scopes from policies: JWT scopes are derived from the agent's access policies. If an agent has no policies and no explicit scopes, it has zero access.

Set via dashboard, CLI (--token-ttl, --vault-ids), SDK, or API.

Customer-Managed Encryption Keys (CMEK)

Enterprise opt-in feature (Business tier and above). A human generates a 256-bit AES key in the dashboard — the key never leaves their device. Only its SHA-256 fingerprint is stored on the server.

- Enable: POST /v1/vaults/{id}/cmek with INLINECODE371
Disable: INLINECODE372
Rotate: POST /v1/vaults/{id}/cmek-rotate (server-assisted, batched in 100s)
Secrets stored in a CMEK vault have cmek_encrypted: true in responses

Agents reading from a CMEK vault receive the encrypted blob. The CMEK key is required to decrypt client-side. This is designed for organizations with compliance requirements — the default HSM encryption is already strong.

Intents API

When intents_api_enabled = true (set by a human):

1. Agent gains transaction signing via the Intents API (keys stay in HSM)
Agent is blocked from reading private_key and ssh_key secrets directly (403)

Default signing key path: keys/{chain}-signer. Override with signing_key_path.

Replay protection (Idempotency-Key)

Include an Idempotency-Key: <unique-string> header on POST /v1/agents/{id}/transactions. The server SHA-256 hashes the key and caches the result for 24 hours. Duplicate submissions with the same key return the cached response instead of re-signing and re-broadcasting. If two concurrent requests share a key, one returns 409 (retry after a moment).

Server-side nonce serialization

When nonce is omitted from a transaction request, the server resolves it automatically via eth_getTransactionCount (pending) and serializes concurrent callers with SELECT FOR UPDATE. This prevents two in-flight submissions from the same agent+chain+address from receiving the same nonce. You can still pass an explicit nonce to override.

signed_tx field gating

GET endpoints (/v1/agents/{id}/transactions and /v1/agents/{id}/transactions/{txid}) redact the signed_tx field by default to reduce exfiltration risk. To include it, pass ?include_signed_tx=true. The initial POST response always includes signed_tx for the originating caller.

Transaction guardrails

Human-configured, server-enforced limits on what the Intents API allows:

Guardrail	Field	Effect
Allowed destinations	INLINECODE391	Only listed addresses permitted. Empty = unrestricted
Max value per tx

Agents cannot modify their own guardrails. Violations return 403 with a descriptive error.

Shroud per-agent LLM proxy

When shroud_enabled = true (set by a human), the agent's LLM traffic is routed through Shroud (shroud.1claw.xyz) for secret redaction, PII scrubbing, prompt injection defense, threat detection, and policy enforcement inside a TEE.

INLINECODE397 is an optional JSON object that lets humans fine-tune the proxy behavior per agent:

Basic settings

Field	Type	Description
INLINECODE398	INLINECODE399 \	INLINECODE400 \	INLINECODE401 \	INLINECODE402	How PII in LLM traffic is handled
INLINECODE403

Threat detection settings

Multi-layered detection for prompt injection, command injection, social engineering, and data exfiltration attempts:

Field	Type	Description
INLINECODE414	object	Homoglyph/zero-width character normalization (see below)
INLINECODE415

unicode_normalization object:

Field	Type	Default	Description
INLINECODE426	boolean	true	Enable Unicode normalization
INLINECODE427

command_injection_detection object:

Field	Type	Default	Description
INLINECODE436	string	INLINECODE437	INLINECODE438, `"sanitize"`, or INLINECODE440
INLINECODE441

string | "default" | "strict" (more patterns), "default", "relaxed" |

social_engineering_detection object:

Field	Type	Default	Description
INLINECODE447	string	INLINECODE448	INLINECODE449 or INLINECODE450
INLINECODE451

string | "medium" | "low" (more triggers), "medium", "high" |

encoding_detection object:

Field	Type	Default	Description
INLINECODE457	string	INLINECODE458	INLINECODE459, `"decode"`, or INLINECODE461
INLINECODE462

network_detection object:

Field	Type	Default	Description
INLINECODE466	string	INLINECODE467	INLINECODE468 or INLINECODE469
INLINECODE470

filesystem_detection object:

Field	Type	Default	Description
INLINECODE473	string	INLINECODE474	INLINECODE475, `"sanitize"`, or INLINECODE477
INLINECODE478

string[] | /etc/passwd, .ssh/, .env, etc. | Paths to detect |

SDK:

CODEBLOCK8

CLI:

CODEBLOCK9

MCP: When shroud_enabled is true, the agent can send LLM requests through shroud.1claw.xyz. The Shroud proxy enforces the agent's shroud_config policy automatically — no client-side changes needed.

Share with Your Human

Agents can share secrets back with the human who created or enrolled them. Use recipient_type: "creator" — no email or user ID needed.

Via MCP:

CODEBLOCK10

Via SDK:

CODEBLOCK11

The human sees the share in their Inbound shares and accepts it. This is the primary pattern for agents that discover or generate credentials and need to report them to their human.

Fleet Patterns

When many agents operate in the same organization:

- Vault organization: Use a shared vault with path-scoped policies (e.g. agents/{name}/**) or per-agent vaults for strict isolation.
Bulk provisioning: Use the authenticated POST /v1/agents endpoint with a human API key to create many agents, or stagger self-enrollment calls to respect the 10-min per-email cooldown.
Vault binding: Set vault_ids on each agent to restrict JWT scope beyond what policies allow.
Token TTL: Shorten to 5 min for ephemeral tasks (token_ttl_seconds: 300), keep default 1h for long-running agents.
Transaction guardrails: Apply tx_max_value_eth, tx_daily_limit_eth, and tx_allowed_chains to all Intents API agents.
Monitoring: Filter the audit log by agent ID to track per-agent activity. Use billing usage to monitor org-wide consumption.

Security Model

- Credentials are configured by the human, not the agent. The MCP server reads them from env vars.
The agent never sees its own credentials. The MCP server authenticates on the agent's behalf.
Access is deny-by-default. Even with valid credentials, only policy-allowed secrets are accessible.
Secret values are fetched just-in-time and must never be stored, echoed, or included in summaries.
Agents cannot create email-based shares (prevents unsolicited email sharing).
Intents API is opt-in. When enabled, raw key reads are blocked.
Transaction guardrails are human-controlled and server-enforced.
Token revocation: DELETE /v1/auth/token (or SDK auth.logout()) revokes the current Bearer token; revoked tokens return 401.
Request body limit: 5MB max; larger requests return 413.

Error Handling

Code	Meaning	Action
400	Bad request	Check request body format
401

All error responses include a detail field with a human-readable message.

Best Practices

1. Fetch secrets just-in-time. Call get_secret immediately before the API call that needs the credential.
Never echo secret values. Say "I retrieved the API key and used it" — never include raw values in responses.
Use describe_secret first to check existence or validity before fetching the full value.
Use list_secrets to discover available credentials before guessing paths.
Rotate after regeneration. If you regenerate an API key at a provider, immediately rotate_and_store the new value.
Use grant_access for vault-level sharing — creates a fine-grained policy with path patterns.
Use share_secret for one-off sharing — creates a time-limited, access-counted share link.
Simulate before signing. Always use simulate_first: true (default) or call simulate_transaction before submit_transaction.
Check list_vaults before creating. Avoid creating duplicate vaults.
Handle 402 gracefully. Billing/quota errors should be surfaced to the user, not retried.

Billing Tiers

Tier	Requests/mo	Vaults	Secrets	Agents	Price
Free	1,000	3	50	2	$0
Pro

25,000 | 25 | 500 | 10 | $29/mo | | Business | 100,000 | 100 | 5,000 | 50 | $149/mo (+ CMEK) | | Enterprise | Custom | Unlimited | Unlimited | Unlimited | Contact (+ CMEK + KMS delegation) |

Overage methods: prepaid credits (top up via Stripe, deducted per request) or x402 micropayments (per-query on-chain payments on Base).

Audit, org, security, chain, billing, and auth endpoints are free and never consume quota.

1Claw — 面向AI代理的HSM密钥管理

1Claw是一款基于云端HSM的密钥管理器。代理可在运行时访问API密钥、密码和凭证，而无需将其带入对话上下文。密钥使用永不离开HSM的加密密钥进行加密。

API基础URL： https://api.1claw.xyz
Shroud（TEE代理）： https://shroud.1claw.xyz
MCP端点： https://mcp.1claw.xyz/mcp
控制台： https://1claw.xyz
文档： https://docs.1claw.xyz

何时使用此技能

- 你需要API密钥、密码或凭证来完成某项任务
你想安全地存储新生成的凭证
你需要与用户或其他代理共享密钥
你需要在重新生成凭证后轮换它
你想在使用前检查哪些密钥可用
你需要在不暴露私钥的情况下签名或模拟EVM交易
你需要交易签名的TEE级密钥隔离（使用 shroud.1claw.xyz 的Shroud）

设置

选项0：自助注册（新代理）

如果你还没有凭证，请自助注册——这会将凭证发送给你的用户：

bash

curl

curl -s -X POST https://api.1claw.xyz/v1/agents/enroll \
-H Content-Type: application/json \
-d {name:my-agent,human_email:human@example.com}

TypeScript SDK（静态方法，无需认证）

import { AgentsResource } from @1claw/sdk; await AgentsResource.enroll(https://api.1claw.xyz, { name: my-agent, human_email: human@example.com, });

CLI（无需认证）

npx @1claw/cli agent enroll my-agent --email human@example.com

用户将通过电子邮件收到代理ID和API密钥。然后他们为你的访问配置策略。

选项1：MCP服务器（推荐用于AI代理）

添加到你的MCP客户端配置。仅需要API密钥——代理ID和保险库会自动发现。

json
{
mcpServers: {
1claw: {
command: npx,
args: [-y, @1claw/mcp],
env: {
ONECLAWAGENTAPI_KEY:
}
}
}
}

可选覆盖：ONECLAWAGENTID（显式代理），ONECLAWVAULTID（显式保险库）。

托管HTTP流模式：

URL: https://mcp.1claw.xyz/mcp
Headers:
Authorization: Bearer
X-Vault-ID:

选项2：TypeScript SDK

bash
npm install @1claw/sdk

ts
import { createClient } from @1claw/sdk;

const client = createClient({
baseUrl: https://api.1claw.xyz,
apiKey: process.env.ONECLAWAGENTAPI_KEY,
});

选项3：直接REST API

进行身份验证，然后在每个请求中传递Bearer令牌。

bash

将代理API密钥交换为JWT（仅密钥——agent_id自动解析）

RESP=$(curl -s -X POST https://api.1claw.xyz/v1/auth/agent-token \
-H Content-Type: application/json \
-d {api_key:})
TOKEN=$(echo $RESP | jq -r .access_token)
AGENTID=$(echo $RESP | jq -r .agentid)

使用JWT

curl -H Authorization: Bearer $TOKEN https://api.1claw.xyz/v1/vaults

替代方案： 1ck_ API密钥（个人或代理）可直接用作Bearer令牌——无需JWT交换。

身份验证

代理认证流程

1. 用户在控制台或通过 POST /v1/agents 注册代理，并指定 authmethod（默认为 apikey，mtls 或 oidcclientcredentials）。对于 apikey 代理→接收 agentid + apikey（前缀 ocv）。对于mTLS/OIDC代理→仅接收 agentid（无API密钥）。
所有代理自动接收Ed25519 SSH密钥对（公钥在代理记录中，私钥在 agent-keys 保险库中）。
API密钥代理交换凭证：POST /v1/auth/agent-token 使用 { apikey: }（或 { agentid: , apikey: }）→返回 { accesstoken: , expiresin: 3600, agentid: , vaultids: [...] }。代理ID是可选的——服务器从密钥前缀解析。
代理在所有后续请求中使用 Authorization: Bearer 。
JWT作用域源自代理的访问策略（路径模式）。如果没有策略，作用域为空（零访问）。代理的 vaultids 也包含在JWT中——对未列出保险库的请求将被拒绝。
令牌TTL默认为约1小时，但可通过 tokenttl_seconds 为每个代理设置。MCP服务器在过期前60秒自动刷新。

API密钥认证

以 1ck（用户个人API密钥）或 ocv（代理API密钥）开头的令牌可直接用作任何已认证端点上的Bearer令牌。

MCP工具参考

list_secrets

列出保险库中的所有密钥。返回路径、类型和版本——从不返回值。

参数	类型	必需	描述
prefix	string	否	用于过滤的路径前缀（例如 api-keys/）

get_secret

获取密钥的解密值。在需要它的API调用之前立即使用。切勿存储该值或将其包含在摘要中。

参数	类型	必需	描述
path	string	是	密钥路径（例如 api-keys/stripe）

put_secret

存储新密钥或更新现有密钥。每次调用都会创建一个新版本。

参数	类型	必需	默认	描述
path	string	是		密钥路径
value

delete_secret

软删除密钥。可由管理员恢复。

参数	类型	必需	描述
path	string	是	要删除的密钥路径

describe_secret

获取元数据（类型、版本、过期时间）而不获取值。用于检查是否存在。

参数	类型	必需	描述
path	string	是	密钥路径

rotateandstore

为现有密钥存储新值，创建新版本。在重新生成密钥后使用。

参数	类型	必需	描述
path	string	是	密钥路径
value

string | 是 | 新密钥值 |

getenvbundle

获取 env_bundle 密钥并将其 KEY=VALUE 行解析为JSON。

参数	类型	必需	描述
path	string	是	env_bundle 密钥的路径

create_vault

创建用于组织密钥的新保险库。

参数	类型	必需	描述
name	string	是	保险库名称（1–255个字符）
description

string | 否 | 简短描述 |

list_vaults

列出你可访问的所有保险库。无

1claw1Claw密钥管理

1claw

1Claw — HSM-Backed Secret Management for AI Agents

When to use this skill

Setup

Option 0: Self-enrollment (new agents)

Option 1: MCP server (recommended for AI agents)

Option 2: TypeScript SDK

Option 3: Direct REST API

Authentication

Agent auth flow

API key auth

MCP Tools Reference

list_secrets

get_secret

put_secret

delete_secret

describe_secret

rotateandstore

getenvbundle

create_vault

list_vaults

grant_access

share_secret

simulate_transaction

submit_transaction

REST API Quick Reference

Auth (public — no token required)

Auth (authenticated)

Vaults

Secrets

Agents

Policies (Access Control)

Sharing

Intents API (requires intents_api_enabled)

Audit

Billing

Chains

Other

SDK Method Reference

OpenAPI spec for custom SDKs

Supported Chains

Access Control Model

Vault binding and token scoping

Customer-Managed Encryption Keys (CMEK)

Intents API

Replay protection (Idempotency-Key)

Server-side nonce serialization

signed_tx field gating

Transaction guardrails

Shroud per-agent LLM proxy

Basic settings

Threat detection settings

Share with Your Human

Fleet Patterns

Security Model

Error Handling

Best Practices

Billing Tiers

Links

1Claw — 面向AI代理的HSM密钥管理

何时使用此技能

设置

选项0：自助注册（新代理）

curl

TypeScript SDK（静态方法，无需认证）

CLI（无需认证）

选项1：MCP服务器（推荐用于AI代理）

选项2：TypeScript SDK

选项3：直接REST API

将代理API密钥交换为JWT（仅密钥——agent_id自动解析）

使用JWT

身份验证

代理认证流程

API密钥认证

MCP工具参考

list_secrets

get_secret

put_secret

delete_secret

Intents API (requires `intents_api_enabled`)