Secrevo
Built for teams running AI agents

Centralized secret access for humans and agents, controlled in seconds.

Secrevo gives the person responsible one place to control who has access to what — pause, revoke, or grant time-bound access instantly, and reduce breaches without slowing the team down.

  • 2 min to fully offboard a contractor
  • < 5 min from signup to first agent shipping with a real key
  • 4-hour TTL on the Saturday-night EC2 grant — expires on its own
Replaces
  • .env files passed around in DMs
  • API keys pasted in Slack and Notion
  • Manual copy-paste from 1Password into agents
  • That one spreadsheet of who-has-what
Built for the person who signs the contract

You answer "who has access to what?" in 30 seconds. Without writing HCL.

Secrevo is designed for the team owner first — the admin who signs, who needs control, who carries the risk. Engineers and agents are first-class users, but the buying decision belongs to the person who can't sleep when a freelancer leaves on a Friday.

Owner

Control without writing policy code

One screen tells you who has access to what — humans and agents in the same view. Click to revoke. Filter by person to see everything they touch. No HCL, no JSON.

Team

Faster than the workaround

Engineers ship a new agent with a real key in under five minutes. The CLI keeps the secret off disk and out of env files and the LLM context window — without slowing anyone down.

Agents

Sub-100ms, typed, predictable

The Python SDK has three retrieval modes (value, value + context, agent context) and native wrappers for OpenAI, Anthropic, Stripe, AWS, and GitHub so the secret never enters the model context.

How it works · three live previews

The product, not a teaser. Click anything below.

These previews run locally in your browser with Secrevo's real surfaces and real defaults. Numbers reflect production behavior; identities are illustrative.

Live preview · click any cell

Who has access to what — at a glance

One grid. Humans and agents in the same view. Click any cell to grant, revoke, or set a temporary 4-hour TTL. Every change goes into the audit log with a full authority chain.

Legend: Active · Temporary (TTL) · No access

Secrets (columns):
  • OPENAI_API_KEY (prod)
  • STRIPE_LIVE_KEY (prod)
  • EC2_PROD_SSH_KEY (prod)
  • GITHUB_TOKEN (shared)

Identities (rows):
  • María Otero · Owner
  • Carlos Pena · Admin
  • Pedro Vázquez · Engineer
  • Ana Costa · Contractor
  • support-bot · Agent · Pedro
  • facturas-bot · Agent · Ana

Click a cell to revoke or grant. Every change becomes an audit event in milliseconds.
Live preview · pick a surface

CLI-first. SDK-pure. Agents safe by default.

The CLI runs commands without ever writing secrets to disk. The SDK exposes three modes (value, value + context, agent context). Native wrappers for OpenAI, Anthropic, Stripe, AWS, and GitHub keep the secret out of the LLM context window.

secrevo run -- python agent.py
 
Live preview · click to run

A contractor leaves on a Friday. You're done before the weekend.

Offboarding is one click. Secrevo pauses every agent the person owns, revokes every grant inherited through groups, surfaces the exact list of secrets to rotate, and seals a receipt you can hand to anyone who asks.

  1. Map every grant, group, and agent: 17 references found (0.4s)
  2. Pause Ana's agents: facturas-bot · invoices-pipeline (0.6s)
  3. Revoke direct grants and group memberships: 12 grants · 3 groups (0.5s)
  4. Suggest secrets to rotate: OPENAI_API_KEY · GITHUB_TOKEN · HUBSPOT_API_KEY (0.3s)
  5. Seal an offboarding receipt: audit event #ofb-2026-05-08-ana sealed (0.2s)

In production

Used in production by our own teams from day one.

Three internal companies run on Secrevo from the first commit. Public design partners join at full price — no founder discounts, no fake logos.

Logos are placeholders for the three dogfooding companies and design partners; real marks ship as the partners come on the record.

Pricing

Public, flat per team, predictable.

Free is permanent. Growing inside a plan never costs more. You only pay more when you cross the included identity ceiling or step up a plan. Annual billing is 10 months upfront — same product, two months off.

Free

For individuals, hobbyists, and tiny teams. Permanent — no trial.

$0 · Free forever
Included identities: 3 identities
Above the ceiling
  • CLI + Python SDK
  • 1 workspace · 2 projects
  • 7-day audit log

Business

For teams with formal ops, broader headroom, and tighter approvals.

$129/mo · $1,290/yr · save 17%
Included identities: 100 identities
Above the ceiling: +$1.50/mo per extra identity
  • Configurable approval workflows
  • Advanced expiration alerts
  • Metadata-rich search
  • 90-day audit log

Enterprise

Dedicated instance or self-hosted. SSO, year-long audit, signed SLA.

From $1,500/mo · Custom annual
Included identities: No contractual limit
Above the ceiling: Included
  • SSO (SAML / OIDC)
  • Dedicated or self-hosted
  • Signed SLA + account manager

No reimbursements; a cancellation or downgrade takes effect at the end of the billed period. Identities suspended on downgrade are preserved — reactivate any time.

When something breaks

Built like the product we wish other people built for us.

Audit log retained per plan. AWS KMS-backed at-rest encryption. TLS 1.3 on the wire. Triple-encrypted snapshots. Disaster recovery with a written runbook tested in staging. [email protected] for responsible disclosure.