The producer authenticates to Vault and writes a secret to the cubbyhole with response wrapping: 'VAULT_TOKEN=<PRODUCER_TOKEN> vault kv put -wrap-ttl=300s cubbyhole/handoff api_key=<VALUE>'
Vault returns a wrapping token instead of the write confirmation; the wrapping token is the only way to retrieve the cubbyhole value
Deliver the wrapping token to the consumer via a secure side channel (e.g., instance metadata, encrypted message queue)
The consumer unwraps the token with 'vault unwrap <WRAPPING_TOKEN>', which returns the original write response containing the cubbyhole path data
After unwrapping, the wrapping token is destroyed; any second attempt to unwrap returns a 400 error
Use 'vault token lookup <WRAPPING_TOKEN>' before handing off to verify the TTL has not expired; never share the wrapping token over an unencrypted channel
Known gotchas
The cubbyhole is scoped to the producer's token; after the wrapping token is unwrapped, the underlying cubbyhole data is destroyed — the consumer cannot re-read the original path
Response wrapping wraps the entire HTTP response body, not just the secret value; the consumer receives a full API response object and must parse the appropriate field
Wrapping tokens have an accessor that can be looked up via the audit log; if an attacker can enumerate wrapping token accessors in the audit log, they can detect that a handoff occurred even if they cannot read the content
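The handoff steps above and the parsing gotcha under "Known gotchas", as one added example that is not Vault's own code and not the page's commands. It talks to the Vault HTTP API with the standard library only. Assumptions: VAULT_ADDR is a reachable server, the producer wraps through the sys/wrapping/wrap endpoint (Vault's documented endpoint for wrapping arbitrary key/value data) instead of a -wrap-ttl write to cubbyhole/handoff, the pre-handoff TTL check uses sys/wrapping/lookup (which does not consume the token), and the consumer-side helpers are pure functions so they can be exercised offline on the constructed sample responses embedded below.

```python
"""
Both sides of a Vault response-wrapping handoff over the HTTP API.

Added example (not Vault's code). Assumptions: VAULT_ADDR is reachable; the
producer wraps via sys/wrapping/wrap rather than a write to cubbyhole/handoff;
the consumer-side helpers are pure so they run offline on constructed samples.
"""
import json
import re
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone

VAULT_ADDR = "http://127.0.0.1:8200"  # assumption: local dev server


class WrappingTokenUnusable(Exception):
    """Vault answered 400 on unwrap: token already used, expired, or never existed."""


def _call(method, path, token, body=None, headers=None):
    """One Vault API request; returns (HTTP status, parsed JSON body or None)."""
    hdrs = {"X-Vault-Token": token, "Content-Type": "application/json"}
    hdrs.update(headers or {})
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(f"{VAULT_ADDR}/v1/{path}", data=data,
                                 method=method, headers=hdrs)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else None)
    except urllib.error.HTTPError as err:
        raw = err.read()
        return err.code, (json.loads(raw) if raw else None)


def producer_wrap(producer_token, secret, ttl_seconds=300):
    """Producer: wrap `secret` (a dict) for ttl_seconds; hand back only the wrapping token."""
    status, resp = _call("POST", "sys/wrapping/wrap", producer_token, body=secret,
                         headers={"X-Vault-Wrap-TTL": str(ttl_seconds)})
    if status != 200 or not resp or not resp.get("wrap_info"):
        raise RuntimeError(f"wrap failed: HTTP {status} {resp}")
    return resp["wrap_info"]["token"]


def parse_rfc3339(ts):
    """Parse Vault's Go-style timestamps (nanosecond fraction, 'Z' or +hh:mm offset)."""
    m = re.match(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?(Z|[+-]\d{2}:\d{2})$", ts)
    if not m:
        raise ValueError(f"unrecognised timestamp: {ts!r}")
    base, frac, tz = m.groups()
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    micros = int((frac or "0")[:6].ljust(6, "0"))  # truncate nanoseconds to microseconds
    if tz == "Z":
        offset = timedelta(0)
    else:
        sign = 1 if tz[0] == "+" else -1
        offset = sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[4:6]))
    return dt.replace(microsecond=micros, tzinfo=timezone(offset))


def seconds_remaining(lookup_data, now=None):
    """Lifetime left on a wrapping token from the sys/wrapping/lookup `data` object.
    creation_time + creation_ttl is the expiry; a negative result means already expired."""
    expires = parse_rfc3339(lookup_data["creation_time"]) + timedelta(seconds=int(lookup_data["creation_ttl"]))
    now = now or datetime.now(timezone.utc)
    return (expires - now).total_seconds()


def check_before_handoff(producer_token, wrapping_token, minimum_seconds=30):
    """Producer: look the wrapping token up (does not consume it) and refuse the
    handoff when less than minimum_seconds remain. Returns the seconds left."""
    status, resp = _call("POST", "sys/wrapping/lookup", producer_token, body={"token": wrapping_token})
    if status != 200 or not resp:
        raise RuntimeError(f"lookup failed: HTTP {status} {resp}")
    left = seconds_remaining(resp["data"])
    if left < minimum_seconds:
        raise RuntimeError(f"only {left:.0f}s left on wrapping token; re-wrap instead of handing it off")
    return left


def interpret_unwrap(status, body):
    """Pure: map an unwrap HTTP result to the wrapped response object, or raise.
    A second unwrap of the same token, or an expired one, comes back as 400."""
    if status == 400:
        raise WrappingTokenUnusable((body or {}).get("errors"))
    if status != 200 or not body:
        raise RuntimeError(f"unwrap failed: HTTP {status} {body}")
    return body


def extract_secret(unwrapped, field):
    """The unwrapped object is a full API response, not the bare value: read one field of `data`."""
    data = unwrapped.get("data") or {}
    if field not in data:
        raise KeyError(f"field {field!r} not in unwrapped data; present: {sorted(data)}")
    return data[field]


def consumer_unwrap(wrapping_token, field):
    """Consumer: single-use unwrap, authenticated by the wrapping token itself (empty body)."""
    status, body = _call("POST", "sys/wrapping/unwrap", wrapping_token)
    return extract_secret(interpret_unwrap(status, body), field)


# Constructed sample responses (shapes follow the Vault API; values are made up).
SAMPLE_LOOKUP_DATA = {"creation_path": "sys/wrapping/wrap",
                      "creation_time": "2024-05-01T12:00:00.123456789Z", "creation_ttl": 300}
SAMPLE_UNWRAPPED = {"request_id": "constructed", "lease_id": "", "renewable": False,
                    "lease_duration": 0, "data": {"api_key": "example-key-not-real"},
                    "wrap_info": None, "warnings": None, "auth": None}

if __name__ == "__main__":  # offline walk-through of the consumer-side helpers
    at = datetime(2024, 5, 1, 12, 4, 0, tzinfo=timezone.utc)
    print("seconds left at 12:04Z:", seconds_remaining(SAMPLE_LOOKUP_DATA, now=at))
    print("extracted field:", extract_secret(interpret_unwrap(200, SAMPLE_UNWRAPPED), "api_key"))
```

Only the wrapping token leaves the producer (producer_wrap never returns the secret), the lookup runs before the side-channel delivery so an expired token is never handed off, and the consumer treats a 400 as "already consumed or expired" rather than retrying, since a retry can never succeed and the 400 on first use is itself the signal that someone else unwrapped the token first.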