Developers

One CLI call. Every secret.

No env vars. No config files. No secrets in logs. Every secret your code needs, resolved at runtime from a vault your agent can't bypass.

The pattern

Store it once. Retrieve it anywhere.

Each agent is initialized once with its own token, scopes, and rate limits. After that, the agent can fetch secrets at runtime. The key is stored encrypted in the vault, never in env vars or source code. If the key rotates, update it in the vault UI — every agent picks it up automatically.

# One-time setup — paste the token at the prompt, or pipe it in
$ echo "$CLAVITOR_TOKEN" | clavitor-cli init

# Single value — piped, never stored
$ clavitor-cli get "Deploy Key" --field private_key | ssh-add -

# Whole config — secrets resolved, template safe to store anywhere
$ clavitor-cli render app.config.json | myapp --config -

# Proxy — credentials injected at the network layer
$ export HTTPS_PROXY=http://localhost:1983
$ curl -H "Authorization: Bearer clavitor://OpenRouter/key" https://openrouter.ai/api/v1/models

Three ways to use it

Field, Render, or Proxy.

Field

One value. Pipe it into any command or script. The secret exists only in the pipe — never in a variable, never on disk.

Render

Whole config file. Resolve all clavitor:// references at startup. The template is safe to commit. The resolved config lives in a pipe.

Proxy

HTTPS proxy. Credentials resolved from headers transparently. The agent writes clavitor:// where the secret should go — the proxy injects the real value. Nothing in logs, nothing in agent memory.

Which one should I use?

Feature | Field | Render | Proxy
Secrets out of logs
Works with any language
Works with any tool (curl, SDK, browser)
Per-agent scoping & audit
Multiple secrets at once
No code changes needed
Config files safe to commit
SSH / non-HTTP use cases

Quick pick: Building a script or CLI tool? Use Field. Deploying a service with a config file? Use Render. Running AI agents that make API calls? Use Proxy.

Why this beats every other credential proxy.

Nothing to steal. Cloud-hosted proxies are high-value targets — breach one and you get every customer's credentials. Local proxies store credentials in their own config, readable by any agent on the machine. Clavitor's proxy holds only an encrypted config file. No plaintext secrets on disk, no credential store to raid.

Agents can't pry it open. A compromised agent can't extract credentials from the proxy — the proxy doesn't expose an API, serve a dashboard, or accept commands. It reads one header, resolves one reference, and injects the result into the outbound request. No attack surface.

Nothing in logs. The agent writes clavitor://Entry/field. That's what appears in stdout, in logs, in conversation history. The real credential exists only inside the proxy process for the duration of one HTTP call. Log aggregators, crash dumps, CI artifacts — clean.

Zero config. No routing tables, no API mappings, no credential files to manage. The clavitor:// reference in the header is the only instruction. One init, one env var, done.

Languages

Works in every language. No SDK required.

Bash

# The proxy handles credential injection — no secrets in the command
$ export HTTPS_PROXY=http://localhost:1983
$ curl -H "Authorization: Bearer clavitor://OpenRouter API/key" \
  https://openrouter.ai/api/v1/models

Go

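// Fail closed: if the lookup fails, stop instead of building a client with an empty key
key, err := exec.Command("clavitor-cli", "get", "OpenRouter API", "--field", "key").Output()
if err != nil { log.Fatal(err) }
client := openai.NewClient(option.WithAPIKey(strings.TrimSpace(string(key))))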

Python

import subprocess
import stripe
# Pass directly — or use the HTTPS proxy to avoid holding the key entirely
stripe.api_key = subprocess.check_output(
    ["clavitor-cli", "get", "Stripe API", "--field", "key"]
).decode().strip()

Rust

let key = std::process::Command::new("clavitor-cli")
    .args(["get", "AWS Credentials", "--field", "secret_key"])
    .output()?;
let client = aws::Client::new(String::from_utf8(key.stdout)?.trim());

TypeScript / Node

import { execSync } from 'child_process';
const apiKey = execSync('clavitor-cli get "Anthropic API" --field key').toString().trim();
const client = new Anthropic({ apiKey });

C# / .NET

using System.Diagnostics;
var psi = new ProcessStartInfo("clavitor-cli") { RedirectStandardOutput = true, UseShellExecute = false };
psi.ArgumentList.Add("get");
psi.ArgumentList.Add("Stripe API");
psi.ArgumentList.Add("--field");
psi.ArgumentList.Add("key");
var key = Process.Start(psi)!.StandardOutput.ReadToEnd().Trim();
var client = new StripeClient(key);

PowerShell

# Single value — pipe or use directly
$key = clavitor-cli get "AWS Credentials" --field secret_key
Set-AWSCredential -AccessKey $env:AWS_ACCESS_KEY -SecretKey $key

# Or use the proxy — no secrets in the script at all
$env:HTTPS_PROXY = "http://localhost:1983"
Invoke-RestMethod -Uri "https://api.openai.com/v1/models" `
  -Headers @{ Authorization = "Bearer clavitor://OpenAI/key" }

Java

import java.nio.charset.StandardCharsets;

Process p = new ProcessBuilder("clavitor-cli", "get", "Stripe API", "--field", "key").start();
String key = new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8).trim();
Stripe.apiKey = key;

Config rendering

Store your configs. Not your secrets.

clavitor-cli render scans any file for clavitor://entry/field references, resolves each against the vault, and outputs the result. The template is safe to store anywhere. The resolved config lives in a pipe. Secrets never touch disk.

# Template (safe to store anywhere)
$ cat app.config.json
{"api_key": "clavitor://OpenRouter API/key", "db": "clavitor://Prod DB/password"}

# Resolved (piped to application, never on disk)
$ clavitor-cli render app.config.json
{"api_key": "sk-or-v1-abc123...", "db": "hunter2"}

Works with JSON, YAML, TOML, .env, or any text file. If it contains clavitor://, it gets resolved.
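
A template is only safe to commit if every secret in it really is a clavitor:// reference. The check below is an added example, not Clavitor's own code: it audits a JSON template before commit, lists the entry/field pairs an agent's scope has to cover, and flags literal values left under secret-looking keys. The reference grammar, the key-name heuristic and the sample template are assumptions made for this example.

```python
import json
import re

# Assumed grammar, inferred from the page's examples (e.g. clavitor://Prod DB/password):
# entry = any run of characters without "/", field = word characters.
REF = re.compile(r"clavitor://([^/]+)/(\w+)")
# Heuristic: key names that normally hold a secret (an assumption, tune per project).
SECRET_KEY = re.compile(r"(password|passwd|secret|token|key)$", re.I)

# Constructed sample: the page's template plus one literal secret left in by mistake.
SAMPLE = """{
  "api_key": "clavitor://OpenRouter API/key",
  "db": {"host": "db.internal.example", "password": "clavitor://Prod DB/password"},
  "webhook_secret": "whsec_constructed_value"
}"""


def audit_template(text):
    """Return (references, findings) for a JSON config template."""
    refs, findings = set(), []

    def walk(node, path):
        if isinstance(node, dict):
            for k, v in node.items():
                walk(v, f"{path}.{k}" if path else k)
        elif isinstance(node, list):
            for i, v in enumerate(node):
                walk(v, f"{path}[{i}]")
        elif isinstance(node, str):
            found = REF.findall(node)
            if found:
                refs.update(found)  # (entry, field) pairs the agent's scope must cover
            elif "clavitor://" in node:
                findings.append((path, "malformed reference"))
            elif SECRET_KEY.search(path.rsplit(".", 1)[-1]):
                findings.append((path, "literal value in secret-named key"))

    walk(json.loads(text), "")
    return sorted(refs), findings


if __name__ == "__main__":
    refs, findings = audit_template(SAMPLE)
    for entry, field in refs:
        print(f"needs  {entry} / {field}")
    for path, why in findings:
        print(f"FAIL   {path}: {why}")
    raise SystemExit(1 if findings else 0)
```

Run as a pre-commit or CI step, the non-zero exit blocks a template that still carries a literal secret.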

More integration guides

Infrastructure

Docker, Kubernetes, Terraform, Ansible, GitHub Actions, GitLab CI, SSH. Zero secrets in config, zero secrets in logs.

Infrastructure guide →

AI Agents

Claude Code, Codex, OpenClaw, Hermes, CrewAI, LangChain. Scoped tokens, audit trails, automatic lockdown.

Agent guide →

MSP Tools

PowerShell, Datto RMM, N-able, ConnectWise Automate. Credential issuance for your client base.

MSP guide →

The pattern is always the same.

One CLI call, any context. The agent's scope determines what it can see. The tier determines what it can decrypt. The audit log records every access.