# Overview

toani Vault is a zero-trust credential vault designed by toani.ai for AI Agents. It enables AI Agents to safely access services that require credentials on behalf of users, while guaranteeing that plaintext credentials never leave the TEE hardware security environment.

> Ready to get started? Jump to the [Integration Guide](/toani-vault/getting-started.md).

## Core Capabilities

| Capability                      | Description                                                                                                                                                                                      |
| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **TEE Isolated Execution**      | All credential decryption operations are completed within Intel SGX hardware enclaves; platform operators and servers cannot access plaintext                                                    |
| **AES-256-GCM Encryption**      | Each credential uses an independently derived key bound to SGX hardware, employing a four-layer key hierarchy                                                                                    |
| **Tamper-Proof Audit Trail**    | All access records are written to immudb, with integrity verified using a Merkle tree, meeting SOC 2 and GDPR compliance requirements                                                           |
| **TEE Sandbox Browser**         | A Chromium browser runs in isolation within the TEE, with a built-in AI operation review engine supporting screenshots and structured data export                                                |
| **zkMe Credential Management**  | Securely stores zkMe-issued W3C Verifiable Credentials (zkKYC, MeID, zkPoL, zkPoA, zkPoAI, AMLMe, zkKYB, zkKYA, and more); supports directed presentation to third-party services inside the TEE |
| **Zero-Knowledge Architecture** | Agents receive only task results and never touch user passwords                                                                                                                                  |

## How It Works

toani Vault follows the design philosophy: "Agent is the brain, toani Vault is the hands."

Agents are responsible for planning tasks, breaking down steps, and evaluating results. toani Vault handles executing each credential-dependent operation within the TEE secure environment. Agents receive only operation results throughout and never touch user passwords.

toani Vault manages two major credential categories, both protected by the same four-layer key hierarchy: **Traditional credentials** (`username_password`, `api_key`, `oauth_refresh`, etc.) are injected into browser forms, while **zkMe Credentials** (W3C Verifiable Credentials covering zkKYC, zkPoAI, AMLMe, zkKYA, and other compliance scenarios) are presented to third-party verification services with domain allowlist and field-leakage protection inside the TEE.

## Use Cases

| Scenario                          | Typical Tasks                                                                                                                                    |
| --------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Financial Services**            | Bank account balance queries, brokerage transaction downloads, cryptocurrency platform operations                                                |
| **Government & Tax**              | Tax filing, government system login, social insurance queries                                                                                    |
| **Healthcare**                    | Hospital appointment booking, insurance claim status tracking                                                                                    |
| **Enterprise SaaS**               | Automated operations on GitHub, AWS, Stripe, and other platforms                                                                                 |
| **E-commerce & Logistics**        | Order status tracking, refund requests, logistics information integration                                                                        |
| **Digital Identity & Compliance** | Presenting zkMe Credentials (zkKYC/AMLMe/zkPoAI/etc.) to banks and exchanges, cross-border identity verification, AI agent authorization (zkKYA) |

## toani Vault in toani.ai

toani Vault is the **credential security layer** in toani.ai's trust infrastructure, addressing AI Agent credential security at the execution level.

toani.ai's three products answer one core question each:

| Product                                           | Core Question                                 | Key Technology                                                              |
| ------------------------------------------------- | --------------------------------------------- | --------------------------------------------------------------------------- |
| **toani Vault**                                   | How can an Agent safely authenticate itself?  | TEE isolated execution, AES-256-GCM encryption, zero-knowledge architecture |
| [toani Control](/toani-control/overview.md)       | What is the Agent allowed to do?              | Policy engine, risk stratification, HITL approval, cryptographic audit      |
| [toani Facilitate](/toani-facilitate/overview.md) | Is this transaction compliant and authorized? | Bidirectional KYC/KYT, AP2 intent control, x402 on-chain USDC settlement    |

The three products complement each other: Vault protects credential security, Control constrains execution boundaries, and Facilitate ensures transaction compliance. Enterprises can combine them as needed.

> For technical implementation details, see [Credential Stack Technical Architecture](/toani-vault/credential-stack.md).

## Differences from Other Products

toani Vault, toani Control, and toani Facilitate differ in TEE topology, key hierarchy semantics, audit signing, and storage approach because of their different business models. For the complete three-product comparison, see [toani.ai Platform Security Foundations, Section 6](/about-toani/platform-security.md#three-product-security-model-comparison).

