# Agent Nonce > Just-in-time credential service for AI agents. Generates one-time, scoped, time-expiring tokens agents use to call APIs — so long-lived secrets never live in agent runtimes or prompts. ## Product Agent Nonce issues short-lived cryptographic tokens ("nonces") that AI agents use in place of real API keys. Nonces are scoped to specific services and operations, have TTLs from 30 seconds to 60 minutes, and are permanently deleted when they expire. Real credentials live in Agent Nonce's encrypted vault — agents never receive them directly. **Value proposition:** API keys that expire. Built for AI agents. **Problem solved:** Security teams are blocking AI agent deployments because there is no safe model for giving agents credentials. Embedding API keys in system prompts means one leaked conversation = permanent credential exposure. Agent Nonce provides just-in-time, scope-limited tokens as a secure alternative. ## How It Works 1. Register your services (AWS, GCP, Stripe, GitHub, etc.) with Agent Nonce. Real credentials live in the vault. 2. Before an agent task, request a nonce: `nonce.create({ service: "stripe", scope: "read:customers", ttl: "5m" })` 3. Agent receives a scoped, time-limited token. Makes authorized API calls. 4. TTL expires. Nonce is cryptographically revoked and permanently deleted. Nothing persists. ## Pricing - **Free:** 10,000 nonces/month, basic activity log - **Pro:** $49/month, 1M nonces/month, full audit logs (90-day), per-agent rate limits, webhook alerts - **Enterprise:** Custom, unlimited nonces, SIEM integration, SSO, dedicated vault infrastructure ## Supported Services AWS, GCP, Stripe, GitHub, Slack, OpenAI, Anthropic, Databricks, Snowflake, custom HTTP services. ## Security Model - Credentials encrypted at rest (AES-256), in transit (TLS 1.3) - Nonces are scoped — a token for `stripe:read:customers` cannot be used for write operations - Every nonce is tied to a requesting agent identity, task context, and timestamp for full auditability - SOC 2 Type II audit in progress ## Pages - Homepage: https://agentnonce.com - Pricing: https://agentnonce.com/pricing.html - Sign up: https://agentnonce.com/signup.html - About: https://agentnonce.com/about.html - Blog: https://agentnonce.com/blog/ - Privacy: https://agentnonce.com/privacy.html - Terms: https://agentnonce.com/terms.html ## Blog - Why AI agents should never hold long-lived API keys: https://agentnonce.com/blog/why-ai-agents-should-never-hold-long-lived-api-keys.html - Just-in-time credentials: the security model every AI agent deployment needs: https://agentnonce.com/blog/just-in-time-credentials-security-model.html - How to pass secrets to AI agents without putting them in the prompt: https://agentnonce.com/blog/how-to-pass-secrets-to-ai-agents.html - The credential exposure surface area of a typical AI agent deployment: https://agentnonce.com/blog/credential-exposure-surface-area.html - Zero-trust principles for AI agent authentication: https://agentnonce.com/blog/zero-trust-principles-ai-agent-authentication.html ## Contact hello@agentnonce.com