00 / Sealed by you. Served to your agents.

Your credentials, sealed by you, served to your agents.

BitterPass is a zero-knowledge credential service for humans and the agents they trust. You hold the master secret. The server holds ciphertext. Every read is signed, scoped, and audited.

Built for fleets that can no longer treat secrets as environment variables.

01 / Why BitterPass exists

Vault was built for humans running infra. Doppler was built for app secrets. Nothing was shaped for credential access that is human-authorized, agent-executed, ephemeral, and zero-knowledge.

BitterPass is that shape.

Zero-knowledge by construction

BitterPass never sees your plaintext. The server stores ciphertext, key wraps, and verifiers. A full server compromise leaks who-asked-for-what-when, not the secrets themselves.

Humans and agents, same vault

A passkey opens the human console. An Ed25519 runner identity opens the agent surface. One vault, two trust paths, no shared bearer token sitting in CI.

Audit every touch

Every read, write, and rotation lands in an append-only audit chain — locally first, mirrored to the service second. You can replay exactly what an agent saw, and when.

02 / How the trust works

Three boundaries, one vault.

The plaintext lives only between your master secret and the agent run that needs it. Everything in between is ciphertext, signatures, and audit.

01

You hold the Master Secret.

Generated once, derived through Argon2id, never transmitted. The vault unwraps locally; the service only ever sees ciphertext.

02

The server stores only the envelope.

Records arrive as XChaCha20-Poly1305 envelopes with attached audit events. Two-phase atomic mirror writes mean no half-committed state — the server either has the whole record or none of it.

03

Agents get scoped, sealed bundles per run.

A runner authenticates with its Ed25519 key, and the service hands it a single sealed credential bundle for that run. The bundle expires with the run. Nothing lingers in env or shell history.

03 / What's inside

Boring, conservative cryptography. Loud, opinionated operations.

The primitives are ones you already trust. The shape around them is where BitterPass earns its keep.

Envelope: XChaCha20-Poly1305 with per-record nonce
Key derivation: Argon2id over the master secret + per-vault salt
Runner identity: Ed25519 keypair, signed request envelopes
Human gateway: WebAuthn passkey, no shared password ever
Storage shape: Two-phase atomic mirror writes, no divergent committed state
Audit: Append-only chain, hash-linked, locally then service-mirrored
Recovery: Paper recovery code + sealed recovery package
Hosting: Own failure domain. Own small Hetzner box. Not on Factory or Grid.
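The append-only, hash-linked audit chain described in 02 and listed under Audit above, as an added example in Python that is not BitterPass's code: each entry commits to the previous entry's hash, verify() reports the first broken link after an edited, dropped or reordered entry, and mirror_in_sync() checks the local-first, service-second mirror against the local chain. The event field names, the SHA-256 choice and the all-zero genesis value are assumptions made for this example.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev-hash of the first entry (convention chosen for this example)

# Constructed sample events; the field names are assumptions, not BitterPass's schema.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:00Z", "actor": "runner:ci-deploy", "op": "read",
     "record": "aws/prod/deploy", "run": "run-0001"},
    {"ts": "2024-05-01T10:05:00Z", "actor": "human:alice", "op": "rotate",
     "record": "aws/prod/deploy"},
    {"ts": "2024-05-01T10:06:00Z", "actor": "runner:ci-deploy", "op": "read",
     "record": "aws/prod/deploy", "run": "run-0002"},
]

def canonical(event: dict) -> bytes:
    # Fixed key order and separators so every party hashes identical bytes.
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()

def entry_hash(prev_hash: str, event: dict) -> str:
    # Each entry commits to its predecessor, so editing, dropping or reordering
    # any entry breaks every link after it. SHA-256 is an assumption here.
    return hashlib.sha256(prev_hash.encode() + canonical(event)).hexdigest()

def append(chain: list, event: dict) -> dict:
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"prev": prev, "event": event, "hash": entry_hash(prev, event)}
    chain.append(entry)
    return entry

def build_chain(events: list) -> list:
    chain = []
    for event in events:
        append(chain, event)
    return chain

def verify(chain: list):
    """(True, None) if every link checks out, else (False, index of first bad entry)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["event"]):
            return False, i
        prev = entry["hash"]
    return True, None

def mirror_in_sync(local: list, mirrored: list) -> bool:
    # Local first, service second: the mirror must be an intact hash-for-hash prefix of local.
    ok, _ = verify(mirrored)
    return ok and len(mirrored) <= len(local) and all(
        m["hash"] == l["hash"] for m, l in zip(mirrored, local))
```

Replaying "what an agent saw, and when" is then a walk over the verified chain's events; a mirror whose head hash does not match a local prefix is the half-committed or rewritten state the two-phase write is meant to rule out.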

04 / Who it's for

For builders who already know that keeping secrets in env was a temporary truce.

Solo builder

Running agents that touch your accounts.

Stop pasting API keys into yet another shell rc. Seal them once, hand each agent run only the credentials it actually needs.

Small team

Sharing credentials without sharing a single bearer token.

Each member opens the vault with their own passkey. Each runner gets its own Ed25519 identity. Rotate without coordinating six humans.

AI ops engineer

Auditable credential surface for an agent fleet.

Per-run sealed bundles, append-only audit chain, and idempotent two-phase writes are the substrate you wished CI/CD had ten years ago.

05 / Access

Request access.

BitterPass is invitation-only while it hardens. Tell us what you want to seal and which fleet you want to seal it for.

Approvals are manual. Replies come from a human, not a queue.

We never store your message in plaintext on a long-lived service.