Welcome back
Connecting...
Total Treasury
--
24h Volume
--
Active Agents
--
Policy Violations
--
Treasury Assets
--
USDC
--
USDT
--
EURC
--
System Status
Veris Pre-screenActive
KYA EngineL0-L3
Policy Engine<10ms
Drift DetectionHourly
Recent Transactions
LIVEAgent Fleet
Loading...| Agent | KYA | 24h Volume | Txns | Status | Actions |
|---|---|---|---|---|---|
| Loading... | |||||
Agent Fleet
| Agent | Platform | KYA | 24h Volume | Txns | Anomalies | Status |
|---|---|---|---|---|---|---|
| Loading... | ||||||
Transaction History
Live Feed
Real-timeWallets
| Agent | Chain | Type | Address | USDC | USDT | Status |
|---|---|---|---|---|---|---|
| Loading... | ||||||
Spending Policies
Loading...
Treasury Management
VerifyingPaymaster-backed gas sponsorship and budget control
Budget Allocations
| Department | Chain | Monthly Limit | Spent | Remaining | Utilization |
|---|
Sponsorship Log
Loading...
Loading...
Provider Keys
Connect your payment provider accounts. Your keys are envelope-encrypted and never stored in plaintext.
vpn_key
Bring Your Own Keys (BYOK)
Oris never holds your funds or processes payments. Your provider keys are encrypted with Vault Transit (KEK) and a per-account AES-256-GCM data key (DEK). Keys are decrypted only in ephemeral memory during a request and wiped from heap immediately after.
PI
Pimlico
ERC-4337 Bundler
CI
Circle
Fiat On/Off Ramp
TK
Turnkey
MPC Key Management
FB
Fireblocks
Enterprise Custody
How BYOK Encryption Works
1. Your API key is encrypted with a fresh AES-256-GCM data key (DEK), unique to your account.
2. The DEK is encrypted by HashiCorp Vault Transit (KEK). The plaintext DEK never persists.
3. During a payment, the key is decrypted in ephemeral memory, used once, and wiped from the process heap via ctypes.
4. Every key mutation is logged to a tamper-proof SHA-256 hash chain with Vault KV anchoring.