cloud agents

Your agent runs in the cloud.
Your keys shouldn't.

When your AI agent runs on a VPS, a container, or a managed platform, your API keys are sitting on infrastructure you don't fully control. Strake keeps them in an encrypted vault and gives your agent a disposable URL instead.

Create your first endpoint Read the docs

/01 the problem

Cloud-hosted agents have a credentials problem.

When you deploy an agent to the cloud, your API keys end up in places you can't fully secure — env vars on shared machines, container images that get cached, deployment configs on platforms you don't own, logs and crash dumps you never see. Each one is a leak surface. And if a key leaks, revoking it means redeploying every agent that uses it.

/02 how it works

Three steps. One environment variable.

Store your real API key in Strake

Encrypted at rest with AES-256-GCM. Never written to the host machine. Never shown again after you paste it in.

Give your agent a Strake URL instead

Works exactly like calling the provider directly — same SDK, same request format. One environment variable swap is the entire integration.

Revoke any time without redeploying

Kill one agent's access in seconds. Every other agent keeps working. Your real key is never touched.

/03 the change

One environment variable. That's it.

before real key on the server

# Sitting in env vars on infrastructure you don't fully control.

ANTHROPIC_API_KEY=sk-ant-real-key...

after disposable token, key stays in the vault

# Your real key never touches the host machine.

ANTHROPIC_API_KEY=ct_live_7a3f...

ANTHROPIC_BASE_URL=https://abc.strake.sh/v1

/04 compatibility

Runs anywhere your agent does.

Tested on

Lightsail Railway Fly.io Render DigitalOcean Any VPS Docker Kubernetes

/05 ship it

Deploy agents without
deploying credentials.

Your real API keys stay in the vault. Your agent gets a disposable URL. Leaked token? Revoke in seconds — no redeploy, no scramble.