Passwords and keys are everywhere.
Clavitor makes them go away.

Passwords and keys protect our private lives, our company secrets, and our money — and they are our weakest link. Clavitor replaces every one of them with a single gesture only you can make.

Clavitor never shows the password. Not to you, not to your AI agent, not even to us.

Saved from forgetting. Saved from losing. Saved from phishing. Saved from reusing. Saved from typing.

Use for free → See plans

Tell me more

01 Security → Three-tier encryption, hardware-derived keys, and why we can’t read your data. 02 Network → 21 regions, every continent. Cross-hemisphere backup. 99.999% SLA. 03 Pricing → Free for 10 entries, $12/year for unlimited. No hidden tiers. 04 Downloads → Browser extension, mobile (iOS/Android), CLI, and HTTPS proxy. 05 Developers → Scoped tokens for Claude Code, Codex, and any agent that needs credentials.

Global footprint

Your vault. Wherever you are.

21 regions, every continent. Each region is an isolated database — not a row in a shared table. Cross-hemisphere backup. Failover is automatic.

21Regions

6Continents

<60msAlmost everywhere

99.999%SLA on reads

See latency from your location →

The problem

Your credentials are exposed.

Three ways secrets leak in the age of AI agents. All of them are normal. All of them are broken.

Plaintext

.env files with 40 API keys

Your agent reads environment variables. Every key, every secret, every token — sitting in plaintext on the same filesystem the agent has shell access to.

Readable

Browser passwords aren't private

Chrome, Firefox, Safari — they all decrypt your passwords when the OS session is unlocked. Any process with user-level access can read them. So can any agent.

All-or-nothing

Agents see everything or nothing

Your agent needs your GitHub token. It shouldn't also see your passport number. Today's vaults give it access to both — or neither.

Clavitor fixes all three. Credentials at arm's length. Scoped per agent. Encrypted with your device.

How it feels

Four surfaces. One vault.

Each one designed for a different moment. All pointing at the same encrypted store.

Your agent deploys.
You didn't touch anything.

The agent calls the CLI, gets the credential, deploys. No .env file. No copy-paste. No secrets in logs. The vault is remote — the agent can't bypass it.

Scoped tokens — each agent sees only what it's granted.

CLI & agent setup →

You land on a login page.
It's already filled.

LLM-powered field mapping. No content scripts injected into pages. No desktop app dependency. Tap your fingerprint, done.

Zero content scripts — nothing injected into your pages.

Browser extension →

You need your card number
at dinner.

Face ID or fingerprint. Your card number appears. Encrypted with your fingerprint or security key — even Clavitor's servers can't see it.

Identity fields — we can't read them. Not won't. Can't.

iOS & Android apps →

Your CI pipeline authenticates.
No secrets in the repo.

The HTTPS proxy injects credentials into requests transparently. The secret never touches the agent's memory, logs, or context window.

Secrets resolved in transit — never in logs or agent output.

Proxy architecture →

Built for everyone

From your first password to your fiftieth team.

One product, three ways to use it. Same vault, same encryption, same fingerprint.

Individual

For you and your family

Every password, every card, every recovery code — in one place that follows you across phone, laptop, and tablet. Share with family without texting.

Browser extension and mobile apps Cards and identity hidden behind your fingerprint Free for 10 entries, $12/year unlimited

Personal & Family→

Business

For your team

Stop sharing passwords in Slack. Give every employee their own scoped access. Onboard new hires in seconds, offboard them in one click.

Per-user vaults with shared groups Auto-rotation when someone leaves Audit log of every credential access

Teams of 10 to 500→

Enterprise

For your organization

SCIM, SIEM, centralized audit, regional residency, and a real SLA with compensation. Field-level encryption that satisfies compliance, not just policy.

SCIM directory sync & SAML SSO SIEM integration & centralized audit Regional residency & 99.999% SLA

500+ users→

Can't.

We can't read your data

Identity fields are encrypted with keys derived from your fingerprint, face, or security key. The key never exists on any server. Math, not policy.

Regions, every continent

Each vault is an isolated database. Cross-hemisphere backup. 99.999% SLA on reads. Your vault is where you are.

Free

10 entries. Forever.

Full encryption. All integrations. All regions. No credit card. Upgrade to unlimited for $12/year when you're ready.

Use it free, forever.

10 entries, one vault, one agent. Full encryption. Same infrastructure as paid plans. Upgrade only if you need more.

Get started in 30 seconds

# Initialize the agent (one-time, token from web UI)

$ clavitor-cli init <setup-token>

# Fetch any credential your agent is scoped to

$ clavitor-cli get "Vercel" --field token

tV3r_a8f3kN9...