Armortron9000
Now in early access

Your workloads never see the real credentials.

Armortron9000 is a custom NAT gateway for your AWS VPC. Workloads hold placeholder values. Every outbound request is intercepted at the network boundary, the real credential is injected, and the request is forwarded. Nothing lives in your runtime.

Workload (sk_placeholder_not_real) → Armortron9000 Gateway (real key injected) → Destination (api.stripe.com 200)
Claude Code, Lambda, ECS, Fargate, Codex CLI, GitHub Actions

How it works

From request to response. Every step mediated.

Armortron9000 sits between your workloads and the internet. It intercepts every outbound request and injects real credentials only when policy allows — without your code ever touching them.

01

Deploy the gateway into your VPC

One CloudFormation stack or Terraform module. Armortron9000 becomes your VPC's NAT gateway. No code changes in your workloads.

02

Map destinations to credentials

Declare which real secrets attach to which external hosts in the Armortron9000 dashboard. Secrets are stored outside your VPC.

03

Workloads use placeholder values

Replace real API keys with dummy strings in env vars or Secrets Manager. Your workloads start with no valid credentials.

04

Every outbound request is intercepted

Traffic routes through the gateway automatically via VPC routing. The gateway matches the destination host against your declared policy.

05

Real credential injected, request forwarded, decision logged

If the destination is allowed, the real credential is injected at the header level. Every decision is written to the audit trail with full context.

# terraform - armortron9000 gateway

module "armortron9000" {
  source  = "armortron9000/gateway/aws"
  vpc_id  = var.vpc_id
  subnets = var.private_subnet_ids
}

# credential mapping (dashboard or IaC)
# api.stripe.com  →  STRIPE_SECRET_KEY  (stored outside VPC)
# api.openai.com  →  OPENAI_API_KEY     (stored outside VPC)

# workload env vars — no real values here
STRIPE_SECRET_KEY = "sk_placeholder_not_real"
OPENAI_API_KEY    = "sk-placeholder-not-real"

Security model

Zero secrets in the runtime. Full control at the boundary.

A compromised workload returns nothing useful. The real credentials never entered the process.

What an attacker gets from a compromised workload

stolen env vars - Lambda process dump
# stolen environment variables - worthless without the gateway
STRIPE_SECRET_KEY="sk_placeholder_not_real"    # real value: NOT PRESENT
OPENAI_API_KEY="sk-placeholder-not-real"        # real value: NOT PRESENT
GITHUB_TOKEN="ghp_placeholder_not_real"         # real value: NOT PRESENT

# process dump, leaked log line, or stolen env var
# returns nothing real. real credentials never entered this runtime.

A process dump, leaked log line, or stolen env var returns only placeholder strings. The real credentials never entered the runtime.

What the gateway controls

Real credentials stored outside your VPC
Secrets are never injected into process memory. Injection happens at the network header level only for requests that match your declared policy.
Deny-by-default egress policy
Any destination not explicitly declared is blocked. Workloads cannot reach unexpected hosts, even if compromised.
Per-destination credential scoping
Your Stripe key never reaches OpenAI, and vice versa. Each credential mapping is scoped to a specific host.
Full audit trail per request
Every forwarded request is logged with destination, HTTP method, workload identity, and the policy decision.

Use cases

Any workload in your VPC. Same boundary.

Whether you're running serverless functions, containers, or AI agents, Armortron9000 intercepts every outbound request before it leaves your VPC.

AI coding agents

Agents calling GitHub, npm registries, or model providers hold placeholder keys. The gateway injects the real token per-destination.

  • Scoped per-destination credential injection
  • Deny-by-default — agents can only reach declared hosts
  • Full audit trail of every API call made
Claude Code, Codex CLI, Aider, Goose

Lambda functions

Serverless workloads calling Stripe, Twilio, SendGrid, or any SaaS API. No secrets in environment variables or SSM parameter store.

  • Zero blast radius on function compromise
  • Credential rotation at the gateway, not in function config
  • Per-invocation audit logging
AWS Lambda, Serverless

ECS / Fargate services

Long-running containerised services calling external data providers. Credential rotation happens at the gateway, not in container config.

  • No secrets in container environment variables
  • Rotate credentials without redeploying containers
  • Granular per-service egress policy
ECS, Fargate, EC2

CI/CD pipelines

GitHub Actions runners or CodeBuild jobs calling deployment APIs, package registries, or cloud services. Pipeline YAML contains no real credentials.

  • No secrets committed to pipeline config
  • Pipeline compromise reveals only placeholder strings
  • Instant kill switch during a security incident
GitHub Actions, CodeBuild, GitLab CI

Why this is different

Other tools move secrets around. We remove them from the equation.

Env vars, Secrets Manager, IAM — every existing approach still puts credentials inside your workload at some point. Armortron9000 is the only layer where the credential never enters the process.

Solution | No secrets in runtime | Works for 3rd-party APIs | Injection at network layer | Deny-by-default egress | Per-request audit log | No code changes required | Instant kill switch
Env vars / .env files
AWS Secrets Manager
IAM roles
HashiCorp Vault
Armortron9000

Only Armortron9000 provides injection at the network layer with full egress policy enforcement and zero secrets in the runtime.


Observability

Every request. Every decision. Every byte.

Real-time visibility into every outbound request. See what your workloads are reaching, what the gateway allowed or blocked, and pull the kill switch in one click.

  • Total request volume: 2.1K req/min
  • Requests mediated: 100%
  • Secrets in workload runtimes: 0
  • Active destination mappings: 4
  • Audit retention: 30d

Active destination routes
  • api.stripe.com: 847 req/h
  • api.openai.com: 2.1K req/h
  • registry.npmjs.org: 312 req/h

Kill switch

One switch. Every injected credential revoked. Active requests drain; new ones are denied.

Granularity: All destinations, Specific destination, Specific workload

Pricing

Pay for what flows through. Not what it's protecting.

Plans scoped by monthly forwarded requests and credential mappings. Every plan includes policy enforcement, deny-by-default egress, credential injection, and audit logging.

Free

Start building with free compute credits.

$0/mo
  • 50K requests/mo
  • 3 destination mappings
  • 1 VPC
  • 7-day audit retention
  • Community support
  • Core gateway access
  • Policy enforcement included
  • Deny-by-default egress
  • Basic API access
  • Audit trail (7-day retention)

Pro

Popular

For developers shipping with agents daily.

$29/mo
  • 1M requests/mo
  • 25 destination mappings
  • 3 VPCs
  • 30-day audit retention
  • Email support
  • Everything in Free
  • Priority API throughput
  • Persistent workspace support
  • Audit export
  • Custom runtime sizes

Team

Shared controls for teams building together.

$99/mo
  • 10M requests/mo
  • Unlimited mappings
  • 10 VPCs
  • 90-day audit retention
  • Faster support SLA
  • Everything in Pro
  • Organisation management
  • Role-based access control
  • Team billing
  • Region controls
  • Audit exports

Enterprise

Governance, compliance, and dedicated support at scale.

Custom
  • Unlimited requests
  • Unlimited mappings
  • Unlimited VPCs
  • Custom audit retention
  • Dedicated support
  • Everything in Team
  • SSO / SCIM integration
  • Private deployment options
  • Compliance accommodations
  • Custom SLAs and quotas
  • Procurement and security review

Every plan includes policy enforcement, deny-by-default egress, credential injection, and audit logging. No hidden per-gateway fees.

Stop putting secrets inside your workloads.

Deploy the gateway into your VPC and eliminate credential exposure at the source.


Early access

Be first through the door.

We're onboarding companies in batches. Drop your email and we'll reach out when your spot is ready.
