Own your agent secrets — your AI agent holds a scoped, single-use lease, never the raw API key. strongroom injects the real secret only at egress, so a leaked prompt or poisoned tool can't leak a credential. Encrypted vault · tamper-evident audit · zero deps · MCP server included. Part of Own Your Agent Security (redstamp · truecopy · strongroom).
> _strongroom — **own your agent secrets**. An encrypted vault that hands agents scoped, short-lived, single-use leases instead of raw keys. Part of **[Own Your Stack](https://github.com/askalf)** — own your AI infrastructure instead of renting it by the token._ > _**Formerly `keeper`.** Renamed to `strongroom` for the npm release; the GitHub repo redirects and the legacy `keeper` CLI alias keeps working. `KEEPER_*` env vars and the `~/.keeper` home directory are unchanged for compatibility._