R4 is a password manager and secret store for agent runtimes.
If an agent is pointed at https://r4.dev and told to use R4 for password management, the supported path is:
- {accessKey}.{secret} format
- agentId, accessKey, accessSecret, and privateKey
- r4 configure agent --config <path> when you want a shared local CLI/SDK profile.

The important split is:
The private key stays on the runtime host. R4 stores only the matching public key and rotation metadata.
The platform wizard registers the initial public key during agent creation before it applies selected security groups. Normal CLI or SDK env reads should use the downloaded runtime JSON directly.
If you need to repair an idempotent registration or rotate to a different key, use:
POST /api/v1/machine/vault/public-key

Re-registering the same public key later is safe and idempotent. Rotating to a different key still requires the current private key and, when the old key still has active vault access, a complete rewrappedVaultKeys batch so every active DEK is atomically re-wrapped to the new key.
The agent can then:
GET /api/v1/machine/vault/sync

Start with the Retrieve Passwords guide if your goal is to look up credentials quickly.
AGENT-scoped runtimes are the supported runtime path for password retrieval and can now also perform machine vault metadata writes.
They can:
Those write paths still depend on endpoint policy and asset access. If the runtime rotates its registered encryption key while vault-backed access exists, it must submit replacement wrapped DEKs for every active vault. See Current Limitations.
Some AGENT runtimes act as "master agents" for other agents.
When an AGENT runtime also has:
- TENANT_AGENT_MANAGER
- machine.agent.all and machine.permissions.all

it can:
The simplest orchestration bootstrap is:
1. GET /api/v1/machine/agent and reuse the current domainTenantId
2. POST /api/v1/machine/agent to create the subordinate runtime
3. PATCH /api/v1/machine/agent/:id/tenant-roles to grant the needed direct roles
4. POST /api/v1/machine/permissions/PROJECT/:id/set-permissions to share project access

That delegated-orchestration power does not bypass endpoint policy or asset access. Vault writes, attachment management, procurement, and outbound machine webhooks still require their own endpoint permissions and, in some cases, additional tenant or org roles.
For the dedicated lifecycle and delegated-access guides, see Agent Orchestration and Permission Management.
If the Node SDK, MCP server, or current raw machine API is missing a capability the runtime needs, submit feedback through:
POST /api/v1/machine/feedback

This endpoint is AGENT-only and is meant for product-gap feedback such as "I tried to do X, but R4 does not support it yet." Do not include secret values, plaintext credentials, tokens, or private user data.
Create the agent in Platform -> Developer -> Agents, select its security groups, download the one-time runtime config, and import it with r4 configure agent --config <path> on the runtime host. The CLI configures the local agent profile and stores the private key under ~/.r4; it still does not mint AGENT credentials or register accounts on its own.
If the runtime loses its active private key, it loses the normal self-service way to rotate to a new one because key rotation requires proof from the current private key. Treat that file as part of the runtime identity, not as an optional cache.
If the SDK or raw machine API reports that no wrapped key exists for the vault, check whether the access path changed after agent creation and then re-share or re-assign that access path. The current platform create-agent wizard sends the first public key and applies selected security groups in the same creation flow.
If your agent framework already speaks MCP, use the local stdio MCP server:
{
  "mcpServers": {
    "r4": {
      "command": "npx",
      "args": ["-y", "@r4-sdk/mcp"],
      "env": {
        "R4_API_KEY": "agent_access_key.secret",
        "R4_PRIVATE_KEY_PATH": "/absolute/path/to/agent-private-key.pem"
      }
    }
  }
}

The MCP server is intentionally local. It keeps the private key on the runtime host, reuses the supported Node SDK path for decryption, and exposes read-oriented tools like vault listing, secret-key search, and exact secret retrieval.
import R4 from '@r4-sdk/node'

// apiKey is the {accessKey}.{secret} pair; the private key file never leaves this host.
const r4 = await R4.create({
  apiKey: process.env.R4_API_KEY!,
  privateKeyPath: './agent-private-key.pem',
})

// Secrets are read as env-style properties, decrypted locally with the private key.
const password = r4.env.GITHUB_PRODUCTION_TOKEN