Key storage

Gray handles three kinds of secrets. Each one is stored where it should be.

The keys Gray uses for SSH are generated on-device by the native app and stored in Apple’s Secure Enclave (or Android’s hardware-backed keystore). They never leave the chip — Gray uses them for SSH but cannot read them, copy them, or send them anywhere.

If you delete the app, the keys are gone. There is no backup. (Add the public key to your servers during setup; if you lose your phone, generate a new key on the new device and add its public key to your servers again.)

OAuth tokens (Gmail, GitHub, etc.) and API keys (Shopify, Cloudflare, etc.) are stored in an encrypted vault outside the brain’s working directory.

  • On hosted Gray: in your per-user volume, encrypted at rest.
  • On self-host: in <vault>/ on your server.

The brain sees that a connection exists. It never sees the raw token. When the brain wants to act on a connector, it asks the connector broker to make the call; the broker uses the token and returns the result.
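The broker pattern described above, as an added illustration of the design rather than Gray's own code: the brain receives only opaque connection handles, the vault lives outside the brain's working directory with restrictive file permissions, and only the broker ever reads a token to make the upstream call. The vault layout, provider names, operation allowlist and the `ghp_constructed_example_token` value are all constructed for the example; encryption at rest is assumed to come from the underlying volume and is not implemented here.

```python
import json
import os
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Any, Callable, Optional

# Constructed example of a connector broker. Not Gray's code; the vault layout,
# provider names and the operation allowlist below are assumptions.


@dataclass(frozen=True)
class ConnectionHandle:
    """All the brain gets to see: a connection exists, and for which provider."""
    connection_id: str
    provider: str


class Vault:
    """Token store kept outside the brain's working directory.

    One file per connection, mode 0600, in a 0700 directory. Encryption at
    rest is assumed to be provided by the volume; this illustration only
    enforces isolation from the working directory and file permissions.
    """

    def __init__(self, root: Path, brain_workdir: Path) -> None:
        root, brain_workdir = root.resolve(), brain_workdir.resolve()
        if root == brain_workdir or brain_workdir in root.parents:
            raise ValueError("vault must live outside the brain's working directory")
        self.root = root
        self.root.mkdir(parents=True, exist_ok=True, mode=0o700)

    def put(self, connection_id: str, provider: str, token: str) -> ConnectionHandle:
        path = self.root / f"{connection_id}.json"
        path.write_text(json.dumps({"provider": provider, "token": token}))
        os.chmod(path, 0o600)
        return ConnectionHandle(connection_id, provider)

    def handles(self) -> list[ConnectionHandle]:
        """Metadata only; the token field is never copied into a handle."""
        return [ConnectionHandle(p.stem, json.loads(p.read_text())["provider"])
                for p in sorted(self.root.glob("*.json"))]

    def _token(self, connection_id: str) -> tuple[str, str]:
        """Only the broker calls this; the brain never holds a Vault reference."""
        path = self.root / f"{connection_id}.json"
        if not path.is_file():
            raise KeyError(f"unknown connection {connection_id!r}")
        record = json.loads(path.read_text())
        return record["provider"], record["token"]


# transport(provider, operation, params, auth_header) -> result; stands in for HTTPS
Transport = Callable[[str, str, dict[str, Any], str], Any]

ALLOWED_OPERATIONS = {  # assumption: the broker only brokers a fixed set of calls
    "github": {"list_repos", "create_issue"},
    "shopify": {"list_orders"},
}


class ConnectorBroker:
    def __init__(self, vault: Vault, transport: Transport) -> None:
        self._vault = vault
        self._transport = transport

    def list_connections(self) -> list[ConnectionHandle]:
        return self._vault.handles()

    def call(self, connection_id: str, operation: str,
             params: Optional[dict[str, Any]] = None) -> Any:
        provider, token = self._vault._token(connection_id)
        if operation not in ALLOWED_OPERATIONS.get(provider, set()):
            raise PermissionError(f"{operation!r} is not brokered for {provider}")
        try:
            return self._transport(provider, operation, params or {}, f"Bearer {token}")
        except Exception as exc:  # never let the token leak back through error text
            raise RuntimeError(str(exc).replace(token, "[REDACTED]")) from None


def demo() -> dict[str, Any]:
    """Run the pattern end to end with a constructed token and a fake transport."""
    tmp = Path(tempfile.mkdtemp())
    seen: dict[str, str] = {}

    def fake_transport(provider, operation, params, auth_header):
        seen["auth"] = auth_header  # the real call would send this header upstream
        if operation == "create_issue":
            raise ConnectionError(f"upstream rejected request with {auth_header}")
        return {"provider": provider, "operation": operation, "count": 2}

    vault = Vault(tmp / "vault", tmp / "brain")
    vault.put("conn-1", "github", "ghp_constructed_example_token")  # constructed value
    broker = ConnectorBroker(vault, fake_transport)

    visible = repr(broker.list_connections())  # what the brain can inspect
    result = broker.call("conn-1", "list_repos")
    try:
        broker.call("conn-1", "create_issue")
        err = ""
    except RuntimeError as e:
        err = str(e)
    return {"visible": visible, "result": result, "auth_seen": seen["auth"], "err": err}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point the demo makes is the one in the text: the brain's view (`visible`) and even the error it receives back contain no token, while the transport, called only by the broker, did receive it. The allowlist is an extra check a practitioner would want so that a connection handle is not a blanket capability on the provider.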

Model-provider credentials (OPENAI_API_KEY, ANTHROPIC_API_KEY, cloud credentials for Bedrock/Vertex) live in .env on your self-hosted box, following the standard 12-factor approach.

VB_SELFHOST_TOKEN is the credential your self-hosted box uses to prove to the Gray hub that your subscription is active. It’s in .env. You can rotate it any time from enterprise console → org → Self-host → Rotate token.

  • Your OS keychain.
  • Browser passwords.
  • Anything you haven’t explicitly given Gray.