Features

Everything you need to manage client credentials securely — encryption, integrations, team roles, and compliance.

Tenant-Bound Encryption

AES-256-GCM encryption with additional authenticated data (AAD) tied to clientId:app. Versioned keys with tested rotation. Impossible to use one client's key for another — tenant isolation is cryptographic.

Resource Allowlists

Define exactly which Slack channels, GitHub repos, or Supabase tables an agent can access. Admin UI for policy management. Every MCP tool call is checked against the allowlist — no policy, no access.

21+ Integrations

Slack, GitHub, Notion, HubSpot, Stripe, Supabase, Airtable, Linear, Shopify, Monday, Discord, SendGrid, MailerLite, Meta, Google Ads, Vercel, Railway, Cloudflare, Typeform, Google Sheets, Sentry — and more. OAuth or token-based connection.

Usage Metering

Track API calls per client, per app. See what's being used and when. Built-in usage dashboard for you and your clients. Know which integrations are active and which are idle.

Team Roles

Owner, Admin, Member, Viewer roles with granular permissions. Invite team members to manage connections together. Control who can add connections, invite others, or view audit logs.

Health Monitoring

Automated connection health checks every 6 hours. Get email alerts when credentials expire or fail. Never miss a broken integration — fix issues before clients notice.

Webhook Support

Receive events from Slack, GitHub, Notion, HubSpot, Monday, Stripe, and more. Signature verification, retry logic, and delivery tracking included. Forward events to your own endpoints with HMAC-signed payloads.

CLI for Automation

Manage clients, policies, and connections from the terminal. Script onboarding flows. npm install -g keygent-cli — create portal tokens, set policies, and integrate with your deployment pipeline.

View CLI docs →

Security Hardened & Compliance Ready

Credentials encrypted at rest (AES-256-GCM). Tokens and secrets hashed, never stored in plaintext. Rate limiting, CSP, HSTS, and timing-safe auth. GDPR & CCPA compliant with DPA template, 72-hour breach notification, audit logs, and documented incident response.

Privacy policy → · DPA →

Ready to get started?

Get secure, auditable, revocable access to client tools — built for agencies and AI agents.

Get Started