X25519 + ChaCha20-Poly1305 · Never Logged

Seqret

Encrypted credential vault

Seqret manages credentials, API keys, and secrets with military-grade encryption. Secrets are encrypted with X25519 key exchange and ChaCha20-Poly1305 authenticated encryption. They never leave the WfP namespace and are never logged.

noqnoq-seqret-auth.emergenthq.net/noqnoq/health

◬

Zero-Log Policy

All seqret responses carry log_policy: Never. Secrets are never written to logs, traces, or observability streams.

◈

X25519 Key Exchange

Per-credential ephemeral X25519 key pairs. Encryption keys are derived per-request and never persisted.

◉

ChaCha20-Poly1305

Authenticated encryption with AEAD. Both confidentiality and integrity are guaranteed. No unauthenticated ciphertext.

⬡

WfP Isolation

Crypto operations happen inside Cloudflare Workers for Platforms namespaces. The execution environment is isolated from all other traffic.

◆

MFA & OAuth

Seqret Auth provides MFA, OAuth flows, and org-level credential management. Agents authenticate via NoqNoq, not directly to external services.

◐

Rotation Support

Automatic and manual credential rotation. Services are notified via GUCP events when credentials change.

Capabilities (GUCP)

seqret.get

seqret.put

seqret.rotate

seqret.delete

seqret.list

seqret.auth.verify

seqret.auth.oauth.flow

seqret.auth.mfa.setup