diff --git a/src/pyra/vault/reader.py b/src/pyra/vault/reader.py
new file mode 100644
index 0000000..3b184ec
--- /dev/null
+++ b/src/pyra/vault/reader.py
@@ -0,0 +1,21 @@
+import json
+from pathlib import Path
+
+from pyra.security.boundaries import assert_safe_path
+from pyra.utils.paths import pyra_home, safe_chmod
+
+_KEYS_FILE = pyra_home() / "vault" / "secrets" / "api_keys.json"
+
+
+def get_key(provider_id: str) -> str | None:
+    """Read an API key from the vault. Never exposed to the AI."""
+    assert_safe_path(_KEYS_FILE)  # defense-in-depth
+
+    if not _KEYS_FILE.exists():
+        return None
+
+    # Ensure permissions remain tight before reading
+    safe_chmod(_KEYS_FILE, 0o400)
+
+    data: dict = json.loads(_KEYS_FILE.read_text())
+    return data.get(provider_id)
diff --git a/src/pyra/vault/writer.py b/src/pyra/vault/writer.py
new file mode 100644
index 0000000..47fe267
--- /dev/null
+++ b/src/pyra/vault/writer.py
@@ -0,0 +1,42 @@
+import json
+from pathlib import Path
+
+from pyra.security.boundaries import assert_safe_path
+from pyra.utils.paths import ensure_dir, pyra_home, safe_chmod
+
+_KEYS_FILE = pyra_home() / "vault" / "secrets" / "api_keys.json"
+
+
+def set_key(provider_id: str, api_key: str) -> None:
+    """Store an API key in the vault. Called only by the setup wizard."""
+    assert_safe_path(_KEYS_FILE)  # defense-in-depth
+
+    ensure_dir(_KEYS_FILE.parent, 0o700)
+
+    # Temporarily make writable to update
+    if _KEYS_FILE.exists():
+        safe_chmod(_KEYS_FILE, 0o600)
+        data: dict = json.loads(_KEYS_FILE.read_text())
+    else:
+        data = {}
+
+    data[provider_id] = api_key
+
+    _KEYS_FILE.write_text(json.dumps(data, indent=2))
+    safe_chmod(_KEYS_FILE, 0o400)
+
+
+def delete_key(provider_id: str) -> bool:
+    """Remove an API key from the vault. Returns True if key existed."""
+    assert_safe_path(_KEYS_FILE)
+
+    if not _KEYS_FILE.exists():
+        return False
+
+    safe_chmod(_KEYS_FILE, 0o600)
+    data: dict = json.loads(_KEYS_FILE.read_text())
+    existed = provider_id in data
+    data.pop(provider_id, None)
+    _KEYS_FILE.write_text(json.dumps(data, indent=2))
+    safe_chmod(_KEYS_FILE, 0o400)
+    return existed