For AI agents
secr vs Doppler, Infisical, and Vault — for AI agents
Doppler, Infisical, and Vault are good products. They solve secrets management for humans and for CI/CD pipelines, which is most of what people need most of the time. They were not built for autonomous AI agents — and the primitives an agent needs (per-agent allowlist, tool-call gateway, approval queue, message redaction) aren't in any of them. This page lays out which features the four tools ship, side by side, so you can pick honestly.
Last updated 2026-05-10 · If we've mischaracterised one of these tools, email hello@secr.dev and we'll correct it.
The four products in scope
Doppler
Engineer-friendly secret manager for human workflows + CI/CD.
Infisical
Open-source secret manager. Strong RBAC. Treats agents as service accounts.
Vault
Heavyweight infrastructure: identity, PKI, transit, leases. Agents are workloads.
secr
Credential broker and tool-call governance, purpose-built for AI agents. Per-agent allowlists, MCP gateway, approval queues, and message redaction as primitives. Plus general-purpose secrets management.
Side-by-side feature comparison
| Feature | Doppler | Infisical | Vault | secr |
|---|---|---|---|---|
| Per-agent secret allowlist: Server-enforced list of keys a single agent token can read. Compromised agent only sees the allowlist. | — | — | Indirect (policies) | ✓ |
| MCP gateway / tool-call governance: Allow / deny / rate-limit / require-approval on outbound tool calls the agent makes. | — | — | — | ✓ |
| Human-in-the-loop approval queue: Pending tool calls block, surface to a dashboard / Telegram / webhook, consume one-shot grants atomically. | — | — | — | ✓ |
| Message redaction (before_message_write): Strip known secret values from agent messages before they're persisted to the session log. | — | — | — | ✓ |
| Native OpenClaw plugin: Drop-in ClawHub plugin, no SDK glue code. | — | — | — | ✓ |
| MCP server for Claude Code / Cursor / Continue: Drop-in npm:@secr/mcp, works with every MCP-compatible client. | — | — | — | ✓ |
| Shadow-agent detection: Fingerprint OpenClaw / MCP user agents using personal CLI tokens; flag unmanaged deployments. | — | — | — | ✓ |
| Conditional access (IP / time / user-agent): Pin agent tokens to IP ranges, business hours, required user-agent patterns. | — | — | Indirect (policies) | ✓ |
| Free tier for AI agents: Build with 1 agent, no card, no trial expiry. | Limited | Free tier exists | Self-host only | 1 agent, no card |
| General-purpose secrets management: Encryption, versioning, RBAC, environments, CI/CD injection. | ✓ | ✓ | ✓ | ✓ |
Honest framing
If your agents are well-behaved, internal, low-stakes: any of the four work. Inject an API key, run the agent, move on. The differences below only start to matter when something goes wrong — a misaligned model, a prompt injection, a token in a public repo, an agent that calls a tool it shouldn't.
If you're already running Vault for your platform: you can wire Vault policies tight enough to scope an agent to a few paths. You can't naturally do tool-call governance or approval queues — that's outside Vault's model. Most teams run secr alongside Vault: Vault for the platform, secr for the agent layer.
If Doppler or Infisical is enough: stay there. They are excellent products for what they do. The case for adding secr is specifically when you have AI agents in the loop and want the gate to be in the credential layer, not in the agent code.
What secr does that the others can't emulate easily: the per-agent allowlist is a primitive of the data model, not a policy you write. The MCP gateway runs in-line with the agent — the before_tool_call hook fires before the network call, so blocking is real, not a tripwire. The approval queue uses Postgres FOR UPDATE SKIP LOCKED so concurrent retries can't double-spend a single approval — you'd need to write this protocol yourself in any of the other tools.
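The one-shot approval consumption described above can be sketched in PostgreSQL as follows. This is an added example, not secr's own code: the table `tool_call_approvals`, its columns, the function `consume_approval`, and the sample row are all assumptions made for illustration.

```sql
-- PostgreSQL. Hypothetical schema for illustration; not secr's actual tables.
CREATE TABLE tool_call_approvals (
    id          bigserial   PRIMARY KEY,
    agent_id    text        NOT NULL,
    tool_name   text        NOT NULL,
    args_hash   text        NOT NULL,   -- hash of the exact arguments approved
    status      text        NOT NULL DEFAULT 'pending'
                CHECK (status IN ('pending', 'approved', 'denied', 'consumed')),
    expires_at  timestamptz NOT NULL,
    consumed_at timestamptz
);

-- Constructed sample row: a human has approved one specific call.
INSERT INTO tool_call_approvals (agent_id, tool_name, args_hash, status, expires_at)
VALUES ('agent-1', 'send_email', 'sha256:EXAMPLE', 'approved',
        now() + interval '10 minutes');

-- Consume at most one matching grant. Returns the grant id, or NULL when
-- no approved grant exists or a concurrent caller already holds its row lock.
CREATE FUNCTION consume_approval(p_agent text, p_tool text, p_args_hash text)
RETURNS bigint
LANGUAGE sql
AS $$
    WITH grant_row AS (
        SELECT id
        FROM tool_call_approvals
        WHERE agent_id  = p_agent
          AND tool_name = p_tool
          AND args_hash = p_args_hash
          AND status    = 'approved'
          AND expires_at > now()
        ORDER BY id
        LIMIT 1
        FOR UPDATE SKIP LOCKED   -- a row locked by another retry is skipped, not waited on
    )
    UPDATE tool_call_approvals a
    SET status = 'consumed', consumed_at = now()
    FROM grant_row
    WHERE a.id = grant_row.id
    RETURNING a.id;
$$;

-- The gateway lets the tool call proceed only when this yields a non-NULL id.
SELECT consume_approval('agent-1', 'send_email', 'sha256:EXAMPLE');
-- A retry of the same call no longer matches status = 'approved'.
SELECT consume_approval('agent-1', 'send_email', 'sha256:EXAMPLE');
```

Binding the grant to `args_hash` means an approval for one set of arguments cannot be spent on a different call, and the `expires_at` filter keeps stale approvals from being consumed later.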
60-second install
Free for 1 AI agent, no card. Pairs with whatever you're already running — secr only needs to broker the agent's credentials, not the rest of your stack.
```bash
# Claude Code, Cursor, Continue, Copilot
claude mcp add secr -e SECR_TOKEN=secr_agent_xxx -- npx @secr/mcp

# OpenClaw
openclaw plugins install npm:@secr/openclaw-plugin
```