Credential infrastructure for AI agents

One API key. Scoped sessions with call caps and budgets. Full observability over every vendor call your agents make.

Get Started

Three steps. Two line changes.

01

Connect vendor keys

Store your Anthropic, OpenAI, and Resend API keys. Encrypted at rest with AES-256-GCM.

02

Create scoped sessions

Define permissions, call caps, budgets, and TTLs. Each session gets a short-lived JWT.

03

Route through the proxy

Change two lines in your existing code. Kairn handles credential swapping, enforcement, and logging.

Zero SDK adoption barrier

// Before — direct vendor access
const anthropic = new Anthropic({
apiKey: "sk-ant-...",
});
// After — routed through Kairn
const anthropic = new Anthropic({
apiKey: sessionToken,
baseURL: "https://proxy.kairn.dev/anthropic",
});

Every major vendor SDK accepts a custom baseURL. No new SDK to learn.

Built for control

Session enforcement

TTL, per-permission call caps, and budget limits — atomically enforced on every request via Redis Lua scripts.

Budget tracking

Real-time cost tracking in integer cents. Two-phase enforcement for LLM calls, single-phase for transactional APIs.

Vendor support

Anthropic, OpenAI, and Resend out of the box. Credential encryption at rest. Sub-10ms proxy overhead at the edge.

Full observability

Every call logged with vendor, model, token counts, cost, and latency. Dashboard with spend charts and session drill-downs.