Skip to content
APG · PreventionAgent Policy Governance
The wedge

Umbra

Secrets under your keys

Secrets and fleet data under your keys, moving toward keys we never hold.

Under your keys today; the roadmap is keys we never hold, on an externally audited protocol.

What it does

Fleet data and secrets are encrypted under a key in your KMS, so stored blobs are opaque to us at rest. Revoke the key and you can watch our access die in your own CloudTrail. The roadmap moves from keys you can revoke to keys we never hold, on an externally audited protocol.

  • Fleet data encrypted under your KMS key; revoke it and verify in your own CloudTrail.
  • Static blobs stored with us are opaque to us at rest.
  • Roadmap: client-held keys with an externally audited protocol.
Where it fits

One module of the Umbra platform.

Umbra works alongside the rest of Alyria — prevention and detection for every AI agent your people run, tied together by one policy engine and one signed audit chain.

See how the whole platform fits together

Put Umbra to work.

Deploy Beacon read-only and see how Umbra fits at the endpoint, under your keys.