Skip to content

umeshkedimi/askp

ASKP — AI Secure Key Protocol

OAuth for AI Provider Access. Applications should never hold raw OpenAI, Anthropic, or other provider API keys.

ASKP is an open protocol plus a reference implementation that lets applications, agents, services, and MCP servers access AI providers through short-lived, scoped tokens instead of long-lived provider credentials.

Organizations store provider credentials once, inside ASKP. ASKP issues scoped access tokens. Applications authenticate with ASKP tokens — never with the underlying provider key. ASKP validates permissions, enforces budgets and quotas, records every request, and forwards the call to the provider.

App ──ASKP token──▶ ASKP Gateway ──real provider key──▶ OpenAI / Anthropic / …
                         │
                  policy · budget · audit · revocation

Why ASKP exists

Today, provider API keys are pasted into .env files, baked into containers, shared across services, and handed to autonomous agents. A single leaked key is a long-lived, full-access, unattributable credential that can run up unbounded cost. There is no standard for scoping, attributing, budgeting, or instantly revoking AI provider access.

ASKP aims to be for AI providers what OAuth became for the web: a provider-agnostic standard for delegated, least-privilege access.

See docs/vision/problem-statement.md for the full problem analysis.


Two artifacts, one project

Artifact Lives in What it is
The ASKP Protocol spec/ A language-agnostic, versioned specification. Anyone can implement it in any language and interoperate.
The Reference Implementation services/ (later batches) A Python / FastAPI implementation: Issuer, Vault, Gateway, Policy Engine. Proves the protocol and gives you something to run on day one.

The protocol is the headline. The implementation proves it.


Documentation

Batch 1 — Foundations (this milestone)

  1. Product Vision
  2. Problem Statement
  3. Core Concepts
  4. ASKP Protocol Specification — v1 Draft
  5. System Architecture

See docs/README.md for the full deliverables roadmap.


Status

🚧 Pre-alpha — design phase. The protocol is a working draft (askp/v1, draft-01). Nothing here is stable yet. We are designing in the open.

Contributing

ASKP is built in public and welcomes contributors — especially review of and proposals against the protocol spec. Start here:

License

Licensed under the Apache License 2.0. Contributions are accepted under the same license. The Apache-2.0 patent grant is deliberate: it suits a project intended to become an open standard.

About

ASKP — AI Secure Key Protocol. A secure platform to manage AI provider keys, issue scoped access tokens, and proxy requests without exposing real keys.

Resources

License

Code of conduct

Contributing

Security policy

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors