Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.vaultgraph.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Before you can submit signed receipts, VaultGraph needs the full deployment context in place:
  • A vendor VAULTGRAPH_API_KEY
  • An agent record
  • A deployment for that agent workflow
  • A deployment signing key registered from your Ed25519 public key
  • The matching VAULTGRAPH_PRIVATE_KEY
The setup order matters. Receipt ingestion is rejected until the target deployment exists and the submitted public key matches an active signing key on that deployment.

1) Create your vendor API key

  1. Sign in at app.vaultgraph.com
  2. Switch to your vendor organization
  3. Open Org Settings → API Keys
  4. Click Create API key and copy it
Save this value as VAULTGRAPH_API_KEY in your server environment.
Never expose API keys in browser/client code. Keep them in your backend secrets manager or server-only environment variables.

2) Create the agent and deployment

Create the resources that VaultGraph uses to attribute receipts:
  1. Create or open the target agent in the portal
  2. Create a deployment for that agent
  3. Copy the deployment short ID (dep_...) for your backend configuration
Receipts are deployment-scoped. The signed receipt payload stays agent-agnostic, and VaultGraph resolves the agent and vendor context from the submitted deployment_id.

3) Generate your Ed25519 keypair

Use any of these options to generate PEM-encoded keys: 
openssl genpkey -algorithm Ed25519 -out key.pem
openssl pkey -in key.pem -pubout -out key_public.pem
Store the private key in your server environment and keep the public key available for deployment registration:
  • VAULTGRAPH_PRIVATE_KEY
The private key must remain secret. Store it server-side only and never commit it to source control.

4) Register the public key on the deployment

Signing keys are managed only in the VaultGraph portal UI. After generating your keypair:
  1. Create or open the target deployment in the portal
  2. Open the deployment actions menu and select the key action
  3. Paste the public key and save it as an active signing key for that deployment
Receipt ingestion is rejected unless the submitted public_key matches an active signing key registered on the target deployment.

5) Add credentials to your environment

Example: 
VAULTGRAPH_API_KEY=vgk_...
VAULTGRAPH_DEPLOYMENT_ID=dep_...
VAULTGRAPH_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"

6) Submit receipts from your backend

Once setup is complete, your agent integration is straightforward:
  1. Let the agent finish a job in your application
  2. Hash the sensitive context locally
  3. Sign the receipt with your Ed25519 private key
  4. Submit the signed receipt with your API key and deployment ID
import { prepareReceiptContext, submitSignedReceipt } from "@vaultgraph/sdk";

const preparedContext = prepareReceiptContext({ transcript: "..." });

await submitSignedReceipt({
  apiKey: process.env.VAULTGRAPH_API_KEY!,
  deploymentId: process.env.VAULTGRAPH_DEPLOYMENT_ID!,
  privateKey: process.env.VAULTGRAPH_PRIVATE_KEY!,
  jobId: "job-001",
  resolution: "success",
  contextHash: preparedContext.contextHash,
  metadata: { channel: "email", duration_ms: 1200 },
});
VaultGraph then derives the matching public key in the SDK, resolves the active deployment signing key by that public key, verifies the signature, stores the receipt, and updates the relevant agent and deployment views.

What happens under the hood

StepWhoWhat
HashYour backendRuns prepareReceiptContext() on sensitive data before submission
SignYour backendSigns the canonical receipt JSON with your Ed25519 private key
SubmitYour backendPOSTs the signed receipt with x-api-key auth, deployment_id, and the matching public key
VerifyVaultGraphResolves the active deployment signing key by public key and validates the signature
ScoreVaultGraphComputes trust scores from persisted receipt outcomes
DisplayVaultGraphSurfaces receipts, trends, and trust metrics in organization, agent, and deployment views

Next step

Continue with: