Skip to content
APG · PreventionAgent Policy Governance
Agent secrets

Umbra

Secrets under your keys

Secrets and fleet data under your keys, moving toward keys we never hold.

Under your keys today; the roadmap is keys we never hold, on an externally audited protocol.

What it does

Fleet data and secrets are encrypted under an envelope key we hold and delete on account termination or request, which makes them permanently unreadable, a crypto-shred with nothing to configure. Static blobs stored with us are opaque to us at rest. Enterprises can bring their own KMS key (BYOK): revoke it and watch our access die in your own CloudTrail. The roadmap moves toward keys we never hold, on an externally audited protocol.

  • Encrypted by default under an envelope key we delete on account termination or request, a crypto-shred.
  • Static blobs stored with us are opaque to us at rest.
  • Roadmap: client-held keys with an externally audited protocol.
Where it fits

One module of the Alyria platform.

Umbra works alongside the rest of Alyria — prevention and detection for every AI agent your people run, tied together by one policy engine and one signed audit chain.

See how the whole platform fits together

Put Umbra to work.

Deploy Beacon read-only and see how Umbra fits at the endpoint, under your keys.