Quickstart Guide
Follow these steps to secure your first API key and route a request through the Ephos Identity Broker.
01 Create Your Vault
Sign in to the Ephos Dashboard. Upon your first login, you will be prompted to create a Master Passphrase. This passphrase is used to derive your encryption keys locally; it is never stored on our servers.
02 Add a Phantom Key
Navigate to the Identity Broker tab and click "Add Key." Paste your raw API secret (e.g., an OpenAI key) and give it a label. Your browser will encrypt the key before it is sent to our Zero-Knowledge Vault.
03 Mint an Ephos Token
Click on your new Phantom Key and select "Mint Token." Define the allowed domains and generate a Token Secret (ps_xxx). The Ephos Token acts as the agent identity, while the Token Secret authorizes delegated execution through the Ephos Enclave without ever exposing the underlying master API key.
- Allowed Domains:
api.tavily.com - Token ID:
et_live_... - Token Secret:
ps_live_...(Save this!)
04 Route a Request
To use the proxy, send a POST request to the Ephos Execution Gateway. The gateway validates the token identity, retrieves the encrypted Phantom Key, and executes the outbound request inside the Ephos Enclave.
Your agent never receives the underlying OpenAI, Stripe, or Tavily API key directly. Even if the agent runtime is compromised, the master credential remains isolated behind scoped proxy execution.
05 Verify Audit Logs
Go to the Audit Logs tab in the dashboard. You should see a new entry showing the successful proxy execution, including the specific Ephos Token used and the destination domain.