Otorga
A consent layer for credentials.
Scripts, CI pipelines, and AI agents now reach for your live secrets constantly. The industry's answer is to hand them over automatically. Otorga's answer is to ask you - and make saying yes take one touch.
- Approve per access, not per session. A fresh hardware touch - YubiKey or Touch ID - for the secrets that matter. Unlocking once is not a blank cheque for everything that runs afterwards.
- See what's actually asking. Every request shows you the full process tree, not just the foreground app. Is this git being run by you, or by a subprocess of an agent?
- Local-first and self-hostable. Your secrets live where you put them. No account, no vendor in the trust path, nothing to pull out from under you.
- Built on primitives you already trust. git, SOPS, age, hardware keys. Auditable, boring, and yours - not an opaque vault you rent.
In early development
Join the waitlist to hear when it's ready. No spam, just one note at launch.