AI Agents
Every agent. Scoped access.
Full audit trail.
Each agent gets its own token, its own scopes, its own rate limits. The vault logs every credential access. Agents that access too many distinct credentials are automatically locked.
How agent access works
Your vault issues scoped tokens — each token grants access to specific entries. The agent can fetch what it's been named to and cannot discover what it hasn't. There is no agent-facing endpoint that returns a list of credentials. No search, no browse, no enumerate.
Every access is logged with the agent identity, the credential accessed, the timestamp, and the source IP. Rate limits enforce three unique credentials per minute and ten per hour. A second violation within two hours triggers a hard lockdown — the agent is frozen until you unlock it with your hardware key.
# One-time setup — the agent receives its scoped token
$ clavitor-cli init <token>

# The agent can now fetch credentials within its scope
$ clavitor-cli get "GitHub Deploy" --field password
$ clavitor-cli totp "GitHub"
847203 (expires in 14s)

# Anything outside scope returns 403
$ clavitor-cli get "Stripe API" --field key
ERR-40301: entry not in agent scope
Agent integrations
Claude Code
# Skill auto-installed on init
$ clavitor-cli init <token>

# Claude Code can now:
# "get me the AWS credentials"
# "what's the GitHub deploy token?"
# "store this API key as 'Stripe Prod'"

# Codex uses the HTTPS proxy — no API key in the environment
$ export HTTPS_PROXY=http://localhost:1983
$ codex

{
  "providers": {
    "openrouter": {
      "apiKey": "clavitor://OpenRouter API/key"
    },
    "fireworks": {
      "apiKey": "clavitor://Fireworks.ai/key"
    }
  },
  "channels": {
    "discord": {
      "accounts": {
        "main": { "token": "clavitor://Discord Bot/token" }
      }
    }
  }
}

# Start with resolved config
$ clavitor-cli render openclaw.json | openclaw start --config -

# Initialize with a scoped token
$ clavitor-cli init <token>

# Hermes resolves credentials via the CLI skill
# or through the proxy for API calls
$ export HTTPS_PROXY=http://localhost:1983
$ hermes start

# "Use clavitor-cli to retrieve secrets. Never ask the user for passwords."
import subprocess

from openai import OpenAI


def get_secret(name, field="password"):
    # Fetch one field of one entry through the CLI; fails if the entry is out of scope
    return subprocess.check_output(
        ["clavitor-cli", "get", name, "--field", field]
    ).decode().strip()

# Use inline — don't store in a variable longer than needed
client = OpenAI(api_key=get_secret("OpenRouter API", "key"))

n8n / Make / Zapier
Use the HTTPS proxy for HTTP-based integrations — credentials are resolved transparently from request headers:
$ export HTTPS_PROXY=http://localhost:1983
$ curl -H "Authorization: Bearer clavitor://Stripe API/key" \
    https://api.stripe.com/v1/charges
Multi-agent setups
Running multiple agents on different projects? Create a separate agent for each. Every agent gets its own scope, its own rate limits, its own audit trail.
Work agent
Scoped to GitHub, AWS, Jira, and Slack credentials
Personal agent
Scoped to email, social media, and cloud storage
Deploy agent
Scoped to SSH keys, database creds, and API tokens
Every access is logged
The audit log records which agent accessed which credential, when, and from where.
# TIME                ACTION   ENTRY            ACTOR
2026-03-08 10:23:14   read     github.com       cli:claude-code
2026-03-08 10:23:15   fill     github.com       cli:claude-code
2026-03-08 11:45:02   read     aws-production   cli:deploy-agent
2026-03-08 14:12:33   ai_read  openrouter.com   cli:codex
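The limits described under "How agent access works" (three unique credentials per minute, ten per hour, lockdown on a second violation within two hours) can be replayed over an audit log in the column layout shown above. This is an added example, not clavitor's own code: the sliding windows, counting every action as an access, treating an over-limit access as denied, and the sample log lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

PER_MINUTE, PER_HOUR = 3, 10           # distinct-credential limits stated on the page
LOCKDOWN_WINDOW = timedelta(hours=2)   # a second violation inside this window locks

# Constructed sample in the audit log's column layout (TIME ACTION ENTRY ACTOR).
SAMPLE_LOG = """\
2026-03-08 10:23:14 read github.com cli:claude-code
2026-03-08 10:23:15 fill github.com cli:claude-code
2026-03-08 11:45:02 read aws-production cli:deploy-agent
2026-03-08 11:45:05 read db-primary cli:deploy-agent
2026-03-08 11:45:09 read ssh-bastion cli:deploy-agent
2026-03-08 11:45:20 read stripe-api cli:deploy-agent
2026-03-08 12:30:00 read jira-token cli:deploy-agent
2026-03-08 12:30:01 read slack-bot cli:deploy-agent
2026-03-08 12:30:02 read aws-production cli:deploy-agent
2026-03-08 12:30:03 read npm-publish cli:deploy-agent
""".splitlines()

def parse_line(line):
    date, clock, action, entry, actor = line.split()
    return datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S"), action, entry, actor

def distinct_in(accesses, now, span):
    """Number of distinct entries accessed within `span` before `now`."""
    return len({entry for ts, entry in accesses if now - ts < span})

def replay(lines):
    """Return {actor: 'ok' | 'warned' | 'locked'} after replaying a time-ordered log."""
    allowed = defaultdict(list)      # actor -> [(time, entry)] for accesses under the limits
    last_violation, state = {}, {}
    for line in (l for l in lines if l.strip() and not l.startswith("#")):
        ts, _action, entry, actor = parse_line(line)
        if state.setdefault(actor, "ok") == "locked":
            continue                 # frozen: later lines cannot change the verdict
        seen = allowed[actor] + [(ts, entry)]
        if (distinct_in(seen, ts, timedelta(minutes=1)) > PER_MINUTE
                or distinct_in(seen, ts, timedelta(hours=1)) > PER_HOUR):
            prev = last_violation.get(actor)
            repeat = prev is not None and ts - prev < LOCKDOWN_WINDOW
            state[actor] = "locked" if repeat else "warned"
            last_violation[actor] = ts
        else:
            allowed[actor] = seen
    return state

if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
```

In the sample, the deploy agent's fourth distinct entry at 11:45:20 is its first violation and the fourth distinct entry of the 12:30 burst is its second, so it ends locked; repeated access to the same entry never counts twice.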
Your agents are already using credentials. Start protecting them.
Scoped tokens. Per-agent audit. Automatic lockdown. The vault is at a distance — your agents call a narrow API, they never hold the keys.