Agents work.
Secrets stay.
Your wallet keys and API tokens never leave your laptop. Agents request access, you approve from your phone. They get results — never the raw secrets.
Keys never leave your device
Telegram notifications
Cap the maximum damage
TradingAgent
wants to sign a transaction
Works with
Stop putting secrets in .env files
One prompt injection. One rogue agent. Game over.
Today
With DCP
Takes 5 minutes to secure your agents.
Add once. Use everywhere.
Your wallets, API keys, and identity sit in DCP. Claude, Cursor, OpenClaw, Hermes, LangChain — they all pull from it. Add an OpenAI key once, every agent uses it. Rotate it once, every agent gets the new one.
DCP
Your secrets, encrypted
Add once. Works everywhere.
How it works
From zero to secure in 4 steps
Solana Wallet
7xKp...3nMq
OpenAI API
sk-proj...8x2f
Anthropic
sk-ant...4k9p
One place for everything
Wallets. Keys. Identity. Custom fields.
Crypto wallets
Solana, Ethereum, Base. Generate or import.
API keys
OpenAI, Anthropic, Stripe, AWS...
Identity data
Passport, address, phone, email.
Custom fields
Whatever else your agents ask for.
Add once. Use everywhere.
What happens when something goes wrong
Most "secure" tools fall apart the moment you actually get attacked. DCP is built for that moment.
Scenario: Your .env file leaks
You lose a budget. Not your wallet.
Different agents. Different rules.
Your trading bot can sign Solana up to 2 SOL/day. Your research agent can read API keys but never sign anything. Cursor gets nothing it doesn't ask for. You decide.
Select an agent to see its permissions
TradingAgent
VPS trading agent
Read Only
Agent can read but not modify
Rate Limited
Daily spending caps
Full Access
Requires your approval
Get started in 3 steps
Download the desktop app, connect your agents, and you're ready to go.
Install the app
Download for your OS. Set password, write down recovery phrase.
Connect agents
Claude/Cursor: one-click. VPS: one command. Custom: SDK.
Run
Bot makes a request. Phone buzzes. Tap approve. Done.
For VPS/remote agents:
npx -y @dcprotocol/proxy --pair <token>FAQ
Honest answers. No marketing speak.
Yes. Desktop app, SDK, source — free forever for individuals. We'll sell hosted relay and team features later. You won't be the customer.
On your laptop. Encrypted with XChaCha20. Master key lives in your OS keychain. We never see your keys — they never leave your machine.
A multi-agentic wallet lets you set up one wallet and use it across multiple AI agents. DCP is the first multi-agentic wallet — connect Claude, Cursor, OpenClaw, and VPS bots to a single vault, control them all from one dashboard, and approve requests from your phone.
Yes. That's DCP's core feature. Set up your wallet once, then connect as many agents as you want — Claude, Cursor, OpenClaw, trading bots, custom agents. Each agent gets its own budget limit, but they all access your single secure vault.
Yes. DCP functions as a Solana agentic wallet that lets AI agents execute transactions with daily spending limits and phone-based approval. It also supports Ethereum and Base, plus API keys — making it the only tool that handles both crypto and API key security.
Solana, Ethereum, and Base. You can generate new wallets or import existing ones. All keys are encrypted locally — DCP is non-custodial.
DCP gives you one dashboard to manage all your AI agents. See which agents are connected, what they're requesting, set per-agent budget limits, and approve or revoke access instantly. One wallet, one dashboard, total control.
Set daily budget caps for each agent. If an agent tries to spend more than the daily limit, the transaction is blocked. This prevents runaway spending from compromised or misbehaving agents. Adjust limits anytime.
Worst case: attacker spends up to your daily cap before you wake up and revoke. Set the cap low enough that it's acceptable. That's the whole point of budget limits.
Yes. With .env files, agents read your keys directly — one prompt injection leaks everything. DCP encrypts keys locally and requires phone approval for each access. Agents never see raw keys.
Yes. Store any API key — OpenAI, Anthropic, Stripe, AWS, whatever. Your AI agents request access, you approve from your phone. The agent gets results, never the raw key.
Yes. MCP agents (Claude, Cursor) work natively with one click. OpenClaw, Hermes, ElizaOS use plugins. Custom agents need just three lines of SDK code.
Install the DCP plugin for OpenClaw. Your agent connects to your DCP vault and requests access to keys when needed. You approve via Telegram. No more plaintext secrets.
Yes. MCP servers have known vulnerabilities — over 42,000 exposed endpoints leaked credentials in 2026. DCP adds a security layer: even if your MCP server is compromised, attackers can't access raw keys.
DCP is local-first (keys never leave your device) with phone approval. Infisical and VaultAgent are cloud-based. DCP also handles crypto wallets — they don't. And DCP is free forever.
DCP is free and handles both crypto AND API keys. Turnkey and Cobo are enterprise-only, crypto-only, and Cobo holds a key share. DCP is fully non-custodial — you control everything.
Requests queue until you're back online. For 24/7 bots, just leave your laptop sleeping. No need to be unlocked.
Use your 12-word recovery phrase. If you lost both, we can't help — we're not a custodian.
Yes. The entire stack is open source under Apache-2.0. Self-host the relay if you want full control.
Export your data, uninstall. Your wallets, keys, everything — yours. No lock-in, no data hostage.