TL;DR: FOKS’s end-to-end encrypted KV store is a simple, secure way to manage API keys for AI agents
AI agents need API keys. Most of those keys end up in .env and .json files.
They get committed to repos, shared over Slack, and live long,
happy plaintext lives on shared servers. Cloud secret managers (AWS, GCP, etc.) might help but feel too
heavyweight and corporate for many new AI applications (think: various
claws).
FOKS lets you do better than YOLO without going super-heavy. It’s end-to-end encrypted by default, simple to use, works across machines and teams, and doesn’t lock you in long-term.
Setup
Install the CLI then:
foks signup # pick foks.app as your server
That’s it, now store some secrets.
Store your API keys
The KV store uses a filesystem-like hierarchy. Storing and retrieving keys is one command each:
# store keys
foks kv put /agents/openai "sk-proj-abc123..."
foks kv put /agents/anthropic "sk-ant-xyz789..."
cat apikey.txt | foks kv put /agents/serp
# retrieve a key
foks kv get /agents/openai
# organize by project and environment
foks kv put --mkdir-p /prod/search-agent/serp-api "..."
foks kv put --mkdir-p /prod/search-agent/openai "..."
foks kv put --mkdir-p /staging/code-agent/anthropic "..."
# browse what you have
foks kv ls /prod/search-agent/
Everything is encrypted client-side with NaCl and ML-KEM before it touches the network. The server never sees key names or values.
Wire it into your agents
The simplest approach is to inject keys as environment variables:
#!/bin/bash
export OPENAI_API_KEY=$(foks kv get /prod/orchestrator/openai)
export ANTHROPIC_API_KEY=$(foks kv get /prod/orchestrator/anthropic)
export SERP_API_KEY=$(foks kv get /prod/orchestrator/serp)
python run_agents.py
Or call foks directly from Python:
import subprocess
def get_secret(path: str) -> str:
result = subprocess.run(
["foks", "kv", "get", path],
capture_output=True, text=True, check=True,
)
return result.stdout.strip()
openai_key = get_secret("/prod/orchestrator/openai")
anthropic_key = get_secret("/prod/orchestrator/anthropic")
For Docker and CI/CD, FOKS has bot tokens. These are compact bearer-token-like credentials you can pass to headless environments. Generate one from your local machine:
foks bot new
# outputs: a428e.ABERee949038eEr
Then use it in a container. Pass the token as a secret (via your orchestrator, Docker secrets, etc.), and authenticate at startup:
FROM python:3.12-slim
RUN apt-get update && apt-get install -y curl \
&& curl -fsSL https://pkgs.foks.pub/install.sh | sh
COPY . /app
WORKDIR /app
CMD ["sh", "-c", "\
foks ctl start && \
foks bot use && \
export OPENAI_API_KEY=$(foks kv get /prod/agent/openai) && \
python agent.py"]
The bot token is resolved from the FOKS_BOT_TOKEN environment variable
automatically, so you just need to inject it at runtime:
docker run -e FOKS_BOT_TOKEN="a428e.ABERee949038eEr" my-agent
The same pattern works in CI. Store the token in your CI system’s secrets,
export it as FOKS_BOT_TOKEN, and foks bot use picks it up.
Share keys across a team
Create team for your human and agentic collaborators. Each team gets its own KV-store namespace.
# create a team
foks team create agent-infra
# store keys under the team
foks kv put --team agent-infra /keys/openai "sk-proj-..."
foks kv put --team agent-infra /keys/anthropic "sk-ant-..."
# any team member can retrieve them
foks kv get --team agent-infra /keys/openai
The role hierarchy (owner > admin > member) controls who can read and write. And since FOKS is federated, teams can span multiple servers.
Rotate a key
When you rotate an API key, the update is one command and every agent picks up the new value on its next run:
foks kv put /prod/orchestrator/openai "sk-proj-NEW-KEY..."
Security
Your agents still have access to API keys, so FOKS won’t prevent a compromised agent from leaking keys or permissions to an attacker. But FOKS gives plenty of security advantages relative to the “store them in my homedir in JSON” plan:
- No plaintext on disk: an exfiltrated FS won’t reveal secrets.
- End-to-end encryption: a compromised server can’t read your secrets.
- Per-device keys: revoke a device, and affected user and team keys rotate automatically, preventing revoked devices from accessing new secrets.
- Secure team member removals: remove a member from a team, and cut off their access to all team secrets they didn’t already have.
- Post-quantum crypto: Curve25519 + ML-KEM-768, so you’re covered against both classical and quantum attacks.
- Merkle tree verification: clients detect server tampering and rollback attempts.
Self-host when you’re ready
Start with the hosted service at foks.app. When you need full control, it’s easy to stand up your own server. FOKS is written in pure Go, with a single Postgres dependency, deployable via Docker Compose or systemd. Everything is MIT-licensed. Your secrets move to your infrastructure, behind your firewall, without vendor lock-in.
Give it a try: foks.pub | docs | GitHub
✌️️ Max 🔑