Security
Math, not policy.
Most password managers say "we will never read your data." Clavitor's architecture means we cannot. Your hardware authenticator derives encryption keys that never exist on any server. We hold the safe. Only you hold the key.
Three things make this work.
Per-field encryption
Every field has its own encryption tier. Your API key is readable by the agent that needs it; your credit card in the same entry is not. Same record, different access.
AES-256-GCM · per-field DEK
Hardware-derived keys
Your most sensitive fields are encrypted with a key derived from your WebAuthn authenticator — fingerprint, face, or hardware key. The key is computed in your browser. It never leaves the device.
WebAuthn PRF · HKDF-SHA256
Out of reach
The vault runs on separate infrastructure your AI agent cannot touch. Credentials are released through a narrow API, scoped per agent. Nothing on your laptop. Nothing in your .env file.
Scoped tokens · Zero local cache
The model
Three tiers. One vault.
Different fields are protected with different keys. Some fields are agent-readable; some only you can ever see.
| What it covers | Who can read it |
|---|---|
| Entire vault encrypted at rest with AES-256-GCM. Keys held by the vault server. | Authenticated requests, after the vault decrypts on read. The baseline of every password manager. |
| Per-field encryption for credentials: API keys, passwords, TOTP seeds, OAuth tokens, SSH keys. | Agents whose token grants the field's scope. Issued at runtime, scoped per agent, time-limited. |
| Identity fields: credit cards, CVV, passport, SSN, recovery codes, private notes, signing keys. | Only you. The decryption key is derived from your WebAuthn authenticator and computed in your browser. It never exists on any server. Not ours, not anyone's. |
What we can't read
Mathematically, not editorially.
"We will not read your data" is policy. It depends on us keeping a promise. The list below is structural — we don't have the keys.
Identity fields
Credit cards, CVV, passport numbers, SSN, recovery codes, private notes. Encrypted with WebAuthn-PRF-derived keys. The key is computed in your browser at unlock time and discarded. We see ciphertext only.
Master passwords
There aren't any. There's nothing to forget, nothing to phish, nothing to crack in a breach. Your authenticator is the only path in.
Credentials in transit
Every connection is TLS 1.3 with modern ciphers and HSTS. Credentials are released to scoped agent tokens via narrow API endpoints, never logged.
Your AI's prompts to support
Our AI support reads your account configuration to help you — never your credentials. The same encryption that hides your secrets from us hides them from our AI too.
Threat model
What we defend against.
Every credential platform faces the same attack surface. Here's how Clavitor is designed against each.
| Threat | How we defend | Outcome |
|---|---|---|
| Credential phishing | Users don't know their passwords (32-byte random, never displayed). The extension only fills on URL match. The user can't type what they don't know. | |
| OTP / 2FA phishing | TOTP lives in the vault, scoped to the real domain. Wrong domain — no code. Same defense as the password. | |
| Server breach | Identity fields are encrypted with hardware-derived keys we never hold. Credential fields auto-rotate — leaked plaintext expires within hours. | |
| Compromised AI agent | Each agent has a scoped token. Compromise exposes the agent's scope only — not your full vault. | |
| Endpoint malware | Vault is remote, not local. Session tokens are time-limited. WebAuthn challenges are origin-bound — malware can't sign for the user. | |
| Insider attack | Identity fields are mathematically inaccessible to us. We could not produce plaintext under subpoena. | |
Read the deeper dives.
For the technical audience: cryptographic details, threat-model write-ups, and an open invitation to find what we missed.