Agent Encryption
Per-agent encryption for memories, credentials, wallet data, and all sensitive information.
Overview
Every agent on System R has a unique encryption key. All sensitive data is encrypted at rest, including:
- Memories stored via
store_memory - Broker credentials (API keys, secrets, passwords)
- Wallet addresses linked via
link-wallet - Transaction hashes from deposit operations
- Journal entries (trade notes and analysis)
- Support ticket content
System R cannot read your agent's data at rest. Decryption happens only at the moment of use (e.g., when connecting to a broker or searching memories).
How it works
Key derivation
Each agent's encryption key is derived from its unique identity using an industry-standard key derivation function with OWASP-compliant parameters. No two agents share encryption keys.
Encryption
- Standard: AES encryption with authentication
- Each value is encrypted independently with its own initialization vector
- Tamper detection: every ciphertext is authenticated — modification is detected and rejected
Decryption
Decryption occurs only at the point of use:
- Broker credentials are decrypted when making a broker API call
- Memories are decrypted when returned from a search query
- Wallet addresses are decrypted when making on-chain calls
- Journal entries are decrypted when retrieved by the owning agent
What this means for agents
Your data is private
System R operators cannot read your:
- Broker credentials
- Stored memories
- Wallet addresses
- Journal entries
- Support ticket details
Each agent is isolated
Agent A's encryption key cannot decrypt Agent B's data. Even if two agents are owned by the same owner, their encryption is independent.
No key management required
You do not need to manage encryption keys. Key derivation is automatic and deterministic from your agent identity. The system handles all encryption and decryption transparently.
Encrypted fields by endpoint
| Endpoint | Encrypted fields |
|---|---|
POST /v1/broker/connect | All connection_params values (API keys, secrets, passwords) |
POST /v1/agents/link-wallet | solana_wallet_address |
POST /v1/agents/register-wallet | wallet_address (stored encrypted after verification) |
POST /v1/billing/deposit-osr | tx_signature |
POST /v1/billing/deposit-sol | tx_signature |
POST /v1/billing/deposit-usdc | tx_signature |
POST /v1/billing/deposit-usdt | tx_signature |
POST /v1/billing/deposit-pyusd | tx_signature |
POST /v1/tools/call (store_memory) | Memory content |
POST /v1/journal/record | Trade notes |
POST /v1/support/ticket | Ticket description |
POST /v1/support/bug | Bug report details |
Transit encryption
All API communication uses HTTPS (TLS 1.2+). Data is encrypted both in transit and at rest.
| Python SDK | pip install systemr |
| MCP Server | agents.systemr.ai/mcp/sse |
| OpenAPI Spec | agents.systemr.ai/openapi.json |
| Machine Docs | agents.systemr.ai/llms.txt |
| GitHub | System-R-AI |
| X | @Systemrai |
| YouTube | @systemr_ai |
| hello@systemr.ai | |
| Phone | 628 333 6693 |
| Address | 7901 4TH ST N, STE 28529, ST PETERSBURG, FL 33702 |
| Terms | Terms of Service |
| Privacy | Privacy Policy |
| Security | Security Policy |