Athenian Secure API & Credentials Manager
product details.
Athenian Secure API & Credentials Manager centralizes encrypted API credential storage, admin management, and server-side access patterns for WordPress and Athenian integrations. It helps teams govern external API keys, secrets, and integration settings without exposing credentials across plugin code or frontend workflows while keeping data, permissions, and automation aligned with the broader Athenian Platform Ecosystem.
Athenian Secure API Key Manager is the credential security layer for Athenian WordPress and WooCommerce plugin ecosystems. It centralizes third-party API credentials into an encrypted, service-by-service storage model so integrations can safely retrieve secrets server-side without scattering raw keys across theme files, plugin options, frontend scripts, or one-off settings screens.
The plugin provides a WordPress-native admin interface, AES-256-GCM encryption at rest, masked credential display, PHP helper functions, admin-only REST routes, an OpenAI Responses API proxy, and WP-CLI commands for operational management. It is designed to support credentials for services such as OpenAI, Google Maps, Google SSO, Twilio, Facebook/Meta, Stripe, PayPal, AWS, SendGrid, and custom Athenian service registries.
For integration-heavy commerce environments, ASAKM creates a safer and more maintainable operating model. Administrators can see whether services are configured without exposing raw values, developers can retrieve credentials from one trusted server-side API, and support or DevOps teams can validate, rotate, and inspect credential status through admin tools or WP-CLI.
Within the broader Athenian Platform, Secure API Key Manager fits as the shared credential backbone for AI tools, quote intelligence, payment workflows, payout systems, messaging, mapping, social sign-on, shipping, vendor integrations, marketplace services, and future platform orchestration.
Credential Security
Centralize Third-Party API Credentials in Encrypted WordPress Storage
Athenian Secure API Key Manager stores API keys, OAuth secrets, webhook
secrets, access tokens, cloud keys, and AI service credentials in encrypted
service-specific WordPress options, giving integrations a safer alternative
to hardcoded constants, scattered settings pages, or browser-exposed secrets.
| Security Layer | Operational Value |
|---|---|
| Encrypted Storage | Encrypts each service configuration with aes-256-gcm, including IV, authentication tag, and ciphertext fields. |
| WordPress-Derived Keys | Derives encryption material from WordPress authentication keys and salts instead of shipping a static plugin key. |
| Service Groups | Stores credentials by service slug, such as OpenAI, Google Maps, Google SSO, Twilio, Meta, Stripe, PayPal, AWS, and SendGrid. |
| Non-Autoloaded Options | Saves each encrypted credential group as a separate non-autoloaded WordPress option to avoid loading secrets on every request. |
- Stores service options using the
asakm_<service_slug>option pattern, such asasakm_openai,asakm_stripe, andasakm_paypal. - Includes a filterable service registry through
asakm/services_meta. - Allows other plugins to register custom credential groups while reusing the same secure storage and admin interface.
- Defines
ASAKM_LOADEDso dependent plugins can detect whether the credential manager is available.
Operational Controls
Manage, Rotate, Validate, and Inspect Credential Status Without Revealing Secrets
ASAKM adds a WordPress admin workspace, masked credential display, safe
save behavior, admin-only REST diagnostics, and WP-CLI commands so teams
can configure and support integrations without exposing raw credential values.
Configure service credentials under Settings > Athenian API Keys
Show configured values safely without rendering raw secrets back to the browser
Run diagnostics, validation, get/set/delete, and scripted credential rotation
| Operations Layer | How It Helps |
|---|---|
| Safe Updates | Blank fields preserve existing values, a single hyphen clears a stored field, and delete actions remove the full service group. |
| Service Health | Admin-only REST endpoints show configured/missing service status and masked service details without revealing secret values. |
| OpenAI Proxy | Provides an admin-only server-side proxy pattern for OpenAI Responses API calls using stored OpenAI credentials. |
| WP-CLI Support | Supports doctor checks, service listing, masked or raw reads, set/replace operations, deletion, and service validation from trusted shell environments. |
- Registers admin routes such as
admin_post_asakm_saveandadmin_post_asakm_delete. - Provides REST routes such as
/wp-json/asakm/v1/health,/wp-json/asakm/v1/status/<service>, and/wp-json/asakm/v1/proxy/openai. - Includes WP-CLI commands such as
wp asakm doctor,wp asakm services,wp asakm get,wp asakm set,wp asakm delete, andwp asakm validate. - Restricts admin pages, save/delete actions, REST diagnostics, and proxy routes to users with
manage_options.
Platform Credential Backbone
Give Athenian Plugins a Shared Server-Side Secret Retrieval Pattern
Athenian Secure API Key Manager exposes trusted PHP helper functions so
other plugins can fetch credentials server-side, register new service
groups, and build AI, payment, messaging, mapping, shipping, and marketplace
integrations without duplicating secret-storage logic.
| Integration Surface | Operational Purpose |
|---|---|
| Server-Side Helpers | Provides PHP functions to fetch, read, save, and delete service credential groups from trusted plugin code. |
| Extensible Services | Lets platform modules register their own credential fields through the shared service metadata filter. |
| AI Workflows | Supports OpenAI-backed features such as quote intelligence, generation tools, admin assistants, and secure backend proxy patterns. |
| Athenian Ecosystem Fit | Can support credentials for OwlPay, shipping managers, social sign-on, Twilio messaging, Google Maps, Stripe, PayPal, SendGrid, vendor APIs, and future Platform Core services. |
One secure credential layer:
ASAKM gives administrators configuration visibility, developers a consistent
retrieval API, and operations teams safer tooling for supporting complex
API-driven WordPress and WooCommerce sites.
- Provides helper functions including
asakm_fetch(),asakm_get(),asakm_save(), andasakm_delete(). - Supports usage patterns such as
asakm_get('openai', 'api_key')andasakm_get('paypal', 'environment', 'sandbox'). - Keeps raw credential access server-side and avoids exposing secrets through frontend-localized JavaScript variables.
- Builds toward provider validation checks, audit logs, key-age tracking, rotation reminders, plugin consumer badges, environment labels, encrypted import/export for same-salt environments, and failure reporting for salt/key changes.
