TheazoTheazo
Get Started

Security

Multi-tenant isolation, encrypted secrets, and provider-level sandboxing.

Isolation model

Theazo enforces isolation at three levels. Each level is independent — a breach at one layer does not compromise others.

  • Platform (API key) — every request is authenticated with an API key. Keys are hashed with SHA-256 and never stored in plaintext. Each key scopes access to a single platform (AgentCo account).
  • Session (userId) — within a platform, sessions isolate end-users from each other. Agents, logs, costs, and secrets are scoped to the session. AgentCo sees all users; each user sees only their own data.
  • Provider (sandbox/VM) — each agent runs inside its own isolated compute environment. E2B provides dedicated microVMs, Docker provides isolated containers, and Fly provides separate machines. No agent can access another agent's filesystem or network.

Secrets vault

Store credentials that agents need at runtime — API keys for third-party services, database passwords, tokens. Secrets are encrypted at rest with AES-256-GCM and derived per-platform using HKDF. Agents access them as environment variables (uppercased). Secrets are never logged and never included in snapshots.

secrets.ts
const session = await theazo.sessions.forUser(class="cb-str">'user_123')

// Set secrets — encrypted with AES-256-GCM, HKDF per-platform keys
await session.secrets.set({
  hubspot_api_key: class="cb-str">'hs_live_abc123...',
  stripe_secret: class="cb-str">'sk_live_xyz789...',
  database_url: class="cb-str">'postgresql://user:pass@host/db'>//user:pass@host/db',
})

// Agents access secrets as uppercase env vars:
// process.env.HUBSPOT_API_KEY  → 'hs_live_abc123...'
// process.env.STRIPE_SECRET    → 'sk_live_xyz789...'
// process.env.DATABASE_URL     → 'postgresql://user:pass@host/db'

Listing secrets

You can list secret names to verify what is configured for a session. The API returns names only — values are never returned.

list-secrets.ts
const secrets = await session.secrets.list()

console.log(secrets)
// ['hubspot_api_key', 'stripe_secret', 'database_url']
// Values are NEVER returned by the API

Deleting secrets

Remove a secret when it is no longer needed. Running agents will lose access to the environment variable on their next boot (existing processes are not affected mid-run).

delete-secrets.ts
await session.secrets.delete(class="cb-str">'hubspot_api_key')

// The secret is permanently removed.
// Running agents retain the env var until they restart.

Provider isolation

Every agent runs in its own isolated compute environment. The level of isolation depends on the provider, but all providers guarantee filesystem and network isolation between agents.

Provider
Isolation
Details
E2B
Dedicated microVM
Full hardware-level isolation. Separate kernel per agent. Firecracker-based.
Docker
Isolated container
Namespace isolation, separate filesystem, network. Shared kernel.
Fly
Separate machine
Full VM-level isolation. Dedicated machine per agent. Regional deployment.
Secrets are encrypted with AES-256-GCM. Per-platform derived keys via HKDF. Values are never returned by the API.

Method reference

session.secrets.set(secrets)Promise<void>Set one or more secrets. Values are encrypted with AES-256-GCM.
session.secrets.list()Promise<string[]>List secret names. Values are never returned.
session.secrets.delete(name)Promise<void>Permanently delete a secret by name.
PreviousObservability
Was this page helpful?
Ask anything...⌘I