How Any SaaS Can Build a Copilot — and Securely Handle Secrets for AI Agents

Pillar · 3:05 · 76 views

AI agents are starting to sign up for services, request API keys, and interact with your product autonomously. OpenClaw, Gemini, and others are just the beginning. But handing secrets to an agent introduces real security risks that most apps aren't ready for.

Pillar lets any SaaS add a Copilot by exposing your existing API calls and UI actions to a reasoning server with minimal frontend code. The server can then call those functions and take action inside your app on behalf of users — or agents.

In this video, we walk through how Pillar handles one of the trickiest parts of this new world: secure secret exchange. Here's how it works:

- A user or third-party agent (like Gemini) asks your app for a dev API key
- Your app calls a create_api_key endpoint
- Instead of returning the raw secret, your app returns a SECRET_REF and SECRET_REF_URL
- The Pillar client displays a "Reveal Secret" button — clear to both humans and agents
- The secret is redeemed once via the reference URL, then the reference is burned

Or you can also just return the secret directly and mark it as sensitive. Pillar handles the rest — storing it briefly in Redis with a short TTL, redeemable exactly once.

As autonomous agents become first-class users of your product, patterns like this aren't optional. They're table stakes.

Try it out: https://trypillar.com

#AI #Copilot #SaaS #APIKeys #Security #AIAgents #DevTools #OpenClaw
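The redeem-once flow described above, as an added sketch that is not Pillar's code: an in-memory store stands in for Redis (a short TTL on write, an atomic read-and-delete on redeem), and the class name, function name, base URL and `sk_dev_` key format are hypothetical. Only the `SECRET_REF` and `SECRET_REF_URL` field names come from the description.

```python
import secrets
import threading
import time


class OneTimeSecretStore:
    """In-memory stand-in for Redis (assumption): TTL on write, atomic get-and-delete."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock            # injectable so expiry can be tested
        self._items = {}               # ref -> (secret, expires_at)
        self._lock = threading.Lock()  # makes redeem atomic, like a single GETDEL

    def put(self, secret):
        # The reference is an unguessable random token and carries no secret material.
        ref = secrets.token_urlsafe(32)
        with self._lock:
            self._items[ref] = (secret, self._clock() + self._ttl)
        return ref

    def redeem(self, ref):
        # pop() reads and burns in one step, so a second redeem finds nothing.
        with self._lock:
            entry = self._items.pop(ref, None)
        if entry is None:
            return None                # unknown or already redeemed
        secret, expires_at = entry
        if self._clock() >= expires_at:
            return None                # expired before anyone redeemed it
        return secret


def create_api_key_response(store, base_url="https://app.example.test/secrets/"):
    """Hypothetical create_api_key handler: returns a reference, never the raw key."""
    raw_key = "sk_dev_" + secrets.token_hex(16)   # constructed sample key format
    ref = store.put(raw_key)
    return {"SECRET_REF": ref, "SECRET_REF_URL": base_url + ref}


if __name__ == "__main__":
    store = OneTimeSecretStore(ttl_seconds=30)
    resp = create_api_key_response(store)
    print("first redeem returns key:", store.redeem(resp["SECRET_REF"]) is not None)
    print("second redeem returns key:", store.redeem(resp["SECRET_REF"]) is not None)
```

Because the response carries only the reference, the raw key stays out of the agent's conversation context and logs until the single redemption.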