Automation
Secure handoffs for scripts, tools, and agents
Use the Shhhs API, CLI, and MCP-compatible workflows to create, request, and manage temporary secret handoffs without turning chat messages or logs into a credential store.
API
Create and manage supported secret-sharing workflows from your application. Authentication, scopes, rate limits, lifecycle controls, and error behavior are documented in the API reference.
- Authentication
- Scopes
- Rate limits
- Lifecycle controls
- Error behavior
CLI
Use terminal workflows for repeatable delivery and retrieval. Agent-safe modes should support local sources and destinations without printing plaintext to standard output.
- Environment variables
- Files
- Dotenv entries
- Clipboard or file output
- No plaintext stdout
MCP-compatible workflows
Allow approved agent tools to coordinate a handoff while limiting where plaintext may appear. A workflow is only described as agent-safe when the deployed client, server, logs, and destination behavior have been verified.
- Approved agent tools
- Controlled handoff
- Verified client, server, logs, and destination behavior
Security rules for automation
Automation should keep service credentials scoped, short-lived, quiet in logs, and separated from human login.
- Scope every service credential
- Use short expiration by default
- Avoid plaintext command-line arguments
- Do not print secrets to logs or model transcripts
- Rotate and revoke service credentials
- Keep automation identities separate from human login
FAQ
Build a safer delivery step?
View API, CLI, and MCP options.