Umbra is Alyria's secrets layer. It stores agent secrets centrally and brokers access to them between agents, under a custody model you can verify: everything Umbra holds for your tenant is encrypted under a key that lives in your KMS, not ours (BYOK). You grant Umbra access to that key with a KMS grant; every use of the key is logged in your own CloudTrail, and you can revoke the grant at any time. Static blobs stored with us are opaque to us at rest. "At rest" is the precise scope of that claim: while a hand-off is being brokered, Umbra's service unwraps the record's data key through your grant, which is exactly the access the grant controls and CloudTrail records.
Custody you can revoke and verify
Each secret is encrypted under a per-record data key, wrapped by a tenant key that only your KMS can unwrap. Umbra's service operates only while your KMS grant stands, and every unwrap lands in your CloudTrail, on your side of the trust boundary. Revoke the grant and our access dies with it: the next unwrap attempt fails, and the failure is recorded in the same trail as a denied call. Every pilot includes the kill-switch drill: you revoke the grant, watch our access die in your own CloudTrail, and never have to take our word for anything. A custody claim is only as good as your ability to check it; this one you can check in minutes. One thing to confirm before you rely on the drill: the grant must be Umbra's only path to the key, so check that your key policy does not separately authorize the same principal, or revoking the grant will not cut anything off.
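The custody model above, as an added worked example in Go that is not Umbra's code: a simulated tenant KMS (TenantKMS) that wraps and unwraps only while a grant exists and writes every call, allowed or denied, to a CloudTrail-like trail; a broker side that holds only wrapped data keys and ciphertext; and the kill-switch drill run end to end. The principal name umbra-broker, the record path, the sample credential and all type names are assumptions made for this example. The encryption itself is real AES-256-GCM from the Go standard library, with the record path as the encryption context, so a wrapped data key cannot be replayed against another record.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// TenantKMS stands in for the customer's KMS: the tenant key never leaves it, a
// principal may use it only while a grant exists, and every call lands in Trail.
type TenantKMS struct {
	tenantKey []byte
	grants    map[string]bool
	Trail     []string
}

func (k *TenantKMS) CreateGrant(p string) { k.grants[p] = true }
func (k *TenantKMS) RevokeGrant(p string) { delete(k.grants, p) }

// Call performs one grant-gated KMS operation and records it, allowed or denied.
// Encrypt wraps a data key under the tenant key, Decrypt unwraps one.
func (k *TenantKMS) Call(op, p string, in, path []byte) ([]byte, error) {
	if !k.grants[p] {
		k.Trail = append(k.Trail, op+" "+p+" AccessDeniedException")
		return nil, errors.New("kms: " + op + " denied for " + p)
	}
	k.Trail = append(k.Trail, op+" "+p+" ok")
	if op == "Decrypt" {
		return unseal(k.tenantKey, in, path)
	}
	return seal(k.tenantKey, in, path), nil
}

// The broker side (Umbra's stand-in) stores only ciphertext and wrapped data
// keys; a data key is in the clear only for the duration of one Put or Get.
const brokerPrincipal = "umbra-broker" // IAM principal named in the customer's grant (assumed name)
type record struct{ wrappedDEK, ciphertext []byte }
var store = map[string]record{}

func Put(kms *TenantKMS, path string, secret []byte) error {
	dek := make([]byte, 32) // fresh per-record data key
	must(rand.Read(dek))
	wrapped, err := kms.Call("Encrypt", brokerPrincipal, dek, []byte(path))
	if err != nil {
		return err
	}
	store[path] = record{wrapped, seal(dek, secret, []byte(path))}
	return nil
}

func Get(kms *TenantKMS, path string) ([]byte, error) {
	rec, ok := store[path]
	if !ok {
		return nil, errors.New("no such record: " + path)
	}
	dek, err := kms.Call("Decrypt", brokerPrincipal, rec.wrappedDEK, []byte(path))
	if err != nil {
		return nil, err
	}
	return unseal(dek, rec.ciphertext, []byte(path))
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// AES-256-GCM; the random nonce is prefixed to the sealed blob, aad is the record path.
func seal(key, plaintext, aad []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return append(nonce, g.Seal(nil, nonce, plaintext, aad)...)
}

func unseal(key, blob, aad []byte) ([]byte, error) {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], aad)
}

// RunDrill is the kill-switch drill: store, read back, revoke the grant, read again.
func RunDrill() (plaintext string, afterRevokeDenied bool, trail []string) {
	kms := &TenantKMS{tenantKey: make([]byte, 32), grants: map[string]bool{}}
	must(rand.Read(kms.tenantKey))
	kms.CreateGrant(brokerPrincipal)
	must(0, Put(kms, "db/prod/credentials", []byte(`{"user":"etl","pass":"example"}`)))
	pt := must(Get(kms, "db/prod/credentials"))
	kms.RevokeGrant(brokerPrincipal)
	_, err := Get(kms, "db/prod/credentials")
	return string(pt), err != nil, kms.Trail
}

func main() {
	fmt.Println(RunDrill())
}
```

Run it and the trail reads Encrypt ok, Decrypt ok, then Decrypt AccessDeniedException after the revocation, which is the sequence to look for during the real drill: in CloudTrail these are kms.amazonaws.com Decrypt events from Umbra's principal, the last of them carrying an errorCode after your RevokeGrant. Note also that Get holds the plaintext data key for the duration of the call; that transient exposure inside the broker is what the roadmap for client-held keys is meant to remove.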
Sharing secrets between agents
When one agent produces a secret another must consume, Umbra brokers the hand-off: it authenticates both parties, enforces the Lyra policy that authorizes the share, stores the encrypted payload under your tenant key, and records the exchange in the tamper-evident audit chain. This is how Alyria addresses OWASP ASI07 (inter-agent communication): every hand-off is authenticated, policy-checked, and on the record.
# A producing agent stores a secret for a consumer
umbra put db/prod/credentials \
--recipient agent:etl-worker \
--from ./credentials.json # encrypted under your tenant key (BYOK)
# The consumer retrieves it under a Lyra-authorized lease
umbra get db/prod/credentials --as agent:etl-worker
Short-lived leases, no standing credentials
Secrets are handed to agents as short-lived leases rather than written to disk on the endpoint. A Lyra capability grant is what authorizes a lease; Beacon injects the lease into the request at the moment of use and discards it afterwards. Leases expire and rotate, so long-lived plaintext credentials never accumulate on disk. In the lease record below, granted_by names the Lyra rule that authorized it and ttl_seconds bounds its life to five minutes; a consumer should treat a lease past its TTL as dead rather than retry with it.
{
"lease": "lease.7Q2f…",
"path": "db/prod/credentials",
"granted_by": "alyria.lyra/allow.etl-role",
"ttl_seconds": 300,
"custody": "byok"
}
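The brokered hand-off described under "Sharing secrets between agents" and the lease above, as an added example in Go that is not Umbra's, Lyra's or Beacon's code: an allow rule stands in for the Lyra policy, Issue returns a lease only when a rule names the consumer for the path, Usable is the moment-of-use check Beacon would make against the TTL, and every grant and denial is appended to a hash-chained audit log whose VerifyAudit catches a rewritten entry. The example takes the agents' identities as already authenticated by the transport; the rule name, agent names, path, lease ID format and timestamps are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Stand-in types for this example, not Umbra's or Lyra's own: a Lyra-style allow
// rule, the lease a consumer gets instead of the secret, and one audit-chain link.
type Policy struct {
	Name, Recipient, PathPrefix string
	TTL                         time.Duration
}

type Lease struct {
	ID, Path, GrantedBy, Custody string
	TTLSeconds                   int
	ExpiresAt                    time.Time
}

type AuditEntry struct {
	Seq                   int
	Event, PrevHash, Hash string
}

type Broker struct {
	policies []Policy
	Audit    []AuditEntry
}

func hashEntry(e AuditEntry) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d|%s|%s", e.Seq, e.Event, e.PrevHash)))
	return hex.EncodeToString(sum[:])
}

// record appends an entry whose hash covers the previous entry's hash, so
// altering or dropping any earlier entry invalidates everything after it.
func (b *Broker) record(event string) {
	e := AuditEntry{Seq: len(b.Audit), Event: event}
	if n := len(b.Audit); n > 0 {
		e.PrevHash = b.Audit[n-1].Hash
	}
	e.Hash = hashEntry(e)
	b.Audit = append(b.Audit, e)
}

// VerifyAudit walks the chain and returns the index of the first bad entry, or -1.
func VerifyAudit(entries []AuditEntry) int {
	prev := ""
	for i, e := range entries {
		if e.Seq != i || e.PrevHash != prev || hashEntry(e) != e.Hash {
			return i
		}
		prev = e.Hash
	}
	return -1
}

// Issue decides a hand-off: the consumer (assumed already authenticated) gets a
// lease with a TTL, never the secret, and only if an allow rule names it for the path.
func (b *Broker) Issue(now time.Time, consumer, path string) (*Lease, error) {
	for _, p := range b.policies {
		if p.Recipient == consumer && strings.HasPrefix(path, p.PathPrefix) {
			l := &Lease{ID: fmt.Sprintf("lease.%04d", len(b.Audit)), Path: path, GrantedBy: p.Name,
				Custody: "byok", TTLSeconds: int(p.TTL.Seconds()), ExpiresAt: now.Add(p.TTL)}
			b.record("lease " + l.ID + " " + path + " to " + consumer + " via " + p.Name)
			return l, nil
		}
	}
	b.record("denied " + path + " to " + consumer)
	return nil, errors.New("no allow rule covers " + consumer + " for " + path)
}

// Usable is the check at the moment of use: after ExpiresAt the lease is dead.
func (l *Lease) Usable(now time.Time) bool { return now.Before(l.ExpiresAt) }

func RunHandoff() (grantedBy string, usableAt299s, usableAt301s, rogueDenied bool, chainOK, tamperedAt int) {
	t0 := time.Date(2025, 1, 1, 12, 0, 0, 0, time.UTC) // constructed timestamp
	b := &Broker{policies: []Policy{{"alyria.lyra/allow.etl-role", "agent:etl-worker", "db/prod/", 300 * time.Second}}}
	b.record("put db/prod/credentials by agent:producer")
	l, err := b.Issue(t0, "agent:etl-worker", "db/prod/credentials")
	if err != nil {
		panic(err)
	}
	_, rogueErr := b.Issue(t0, "agent:rogue", "db/prod/credentials")
	tampered := append([]AuditEntry(nil), b.Audit...)
	tampered[1].Event = "lease lease.0001 db/prod/credentials to agent:rogue" // rewrite history
	return l.GrantedBy, l.Usable(t0.Add(299 * time.Second)), l.Usable(t0.Add(301 * time.Second)),
		rogueErr != nil, VerifyAudit(b.Audit), VerifyAudit(tampered)
}

func main() {
	fmt.Println(RunHandoff())
}
```

Two caveats a practitioner would attach. Hashing each entry with its predecessor proves the log is internally consistent, not that it is authentic: whoever holds the whole log can edit an entry and recompute every hash after it, so what lets the customer detect a rewritten history is a copy of the latest hash held outside the operator's reach, for example a signed checkpoint delivered to the tenant. And a lease is only as short-lived as its enforcement: the consumer must refuse it after expiry, as Usable does, rather than trust ttl_seconds alone.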
Roadmap: keys we never hold
Under your keys today; the roadmap is keys we never hold. Umbra is moving to client-held keys with a published protocol and an external audit: agents perform a direct key exchange and seal payloads to each other, so the broker only ever moves ciphertext. We will make that claim when the protocol is published, the client crypto is open source, and an independent audit exists to check it against, not before. Until then, the shipped claim stands: your secrets live under keys you hold and can revoke, and you can prove it in your own logs.
The result: the secrets your agents need to collaborate live in one place, that place answers to your keys, and every access is on the record.