Integration Guide
Clavitor + OpenAI Codex
Connect Codex to your vault via the CLI. Scoped tokens, TOTP generation, field-level encryption. Your Codex agent gets exactly what it needs.
How it works
Codex calls the Clavitor CLI to fetch credentials and generate 2FA codes. Each token is scoped — Codex only sees entries you've explicitly allowed.
Setup
1
Install Clavitor
$ curl -fsSL clavitor.ai/install.sh | sh
2
Create an agent for Codex
In the web UI, create an agent scoped to the entries Codex needs.
$ clavitor-cli init <setup-token>
3
Fetch credentials from Codex
$ clavitor-cli get "OpenAI API" --field password
sk-proj-...
$ clavitor-cli totp aws
739201 (expires in 22s)
Three-tier encryption
Vault Encryption
Entire vault encrypted at rest. AES-256-GCM.
Credential Encryption
Per-field. Codex can read these via scoped CLI tokens.
Identity Encryption
Per-field. Client-side. WebAuthn PRF. Nobody can read these — not Codex, not us.
Scoped access for every agent. Your secrets stay yours.
Get hosted — $12/yr