Open source · Elastic License 2.0

Self-host Clavitor

One binary. No Docker. No Postgres. No Redis. Runs anywhere.


1. Download

Pick your platform. One binary, no dependencies.

2. Run it

$ chmod +x clavitor-linux-amd64
$ ./clavitor-linux-amd64
Clavitor running on https://localhost

3. Create an agent

Open the web UI, go to Agents, and create a new agent. Give it a name (e.g. "Claude Code") and choose which entries it can access. Clavitor generates a setup token — a single string that encodes the vault address, agent identity, and encryption key.

On the machine where your AI agent runs, initialize the CLI with that token:

$ clavitor-cli init <setup-token>

One-time setup. The token is decoded and saved as encrypted local config.

4. Install the Claude Code skill

The CLI ships with a built-in skill definition that teaches Claude Code how to use your vault. One command installs it.

# Install globally (all projects)
$ clavitor-cli skill > ~/.claude/skills/clavitor.md
# Or install for a specific project
$ clavitor-cli skill > /path/to/project/.claude/skills/clavitor.md

The skill is embedded in the binary. Update it by downloading a new release.

5. Use it

Your agent can now fetch credentials, generate TOTP codes, and store new secrets. Every access is logged in the vault's audit trail.

# Fetch a credential
$ clavitor-cli get github
# Generate a TOTP code
$ clavitor-cli totp github
# Store a new credential
$ clavitor-cli put credential "AWS Prod" --username admin --password s3cret
# List all entries
$ clavitor-cli list

Run as a service

For always-on availability, run Clavitor as a systemd service.

/etc/systemd/system/clavitor.service

[Unit]
Description=clavitor
After=network.target

[Service]
Type=simple
User=clavitor
ExecStart=/usr/local/bin/clavitor
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

$ sudo systemctl enable --now clavitor

Expose to the internet

Put Clavitor behind Caddy for TLS and remote access.

Caddyfile

vault.yourdomain.com {
    reverse_proxy localhost:1984
}

Self-hosting and AI agents

Your vault should not run on the same machine as your AI agents.

AI agents have shell access. If the vault database is on the same filesystem, an agent can read it directly — bypassing the API, the audit log, and the encryption model.

Run the vault on a separate device. A Raspberry Pi, a NAS, a VM, or a VPS — anything the agent can reach over HTTPS but cannot SSH into. Even a $5/month VPS works, though hosted Clavitor does the same thing for $1/month.

If you must run on the same machine: create a dedicated system user for the vault, restrict the database file to that user (chmod 600), and run the vault as a systemd service under that account. This is not equivalent to network isolation, but it raises the bar.
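
The three same-machine mitigations above (dedicated user, chmod 600 on the database, service running under that account) can be verified with a short audit script. This is an added example, not part of Clavitor; it assumes GNU `stat` on Linux, and the database path, account name and unit file are passed in by the caller because the page does not say where the database is stored.

```shell
#!/bin/sh
# Added example (not Clavitor code). Assumes GNU coreutils `stat -c` on Linux.
# The database path is an argument: the page does not say where it is stored.

# unit_user UNIT_FILE: print the account named by the unit's last User= line.
unit_user() {
    sed -n 's/^[[:space:]]*User=[[:space:]]*//p' "$1" | tail -n 1
}

# audit_vault DB_PATH VAULT_USER UNIT_FILE
# Prints one line per failed check; returns 0 only if all checks pass.
audit_vault() {
    db=$1; want=$2; unit=$3; rc=0

    if [ ! -f "$db" ]; then
        echo "FAIL: $db is not a regular file"
        return 1
    fi

    owner=$(stat -c %U "$db")
    mode=$(stat -c %a "$db")
    dirmode=$(stat -c %a "$(dirname "$db")")
    svc=$(unit_user "$unit")

    # Database must belong to the dedicated account and be owner-only (chmod 600).
    [ "$owner" = "$want" ] || { echo "FAIL: owner is $owner, expected $want"; rc=1; }
    [ "$mode" = "600" ] || { echo "FAIL: mode is $mode, expected 600"; rc=1; }

    # A group- or world-writable parent lets another account swap the file out.
    case $dirmode in
        *[2367]?|*[2367])
            echo "FAIL: parent directory mode $dirmode is group/other writable"
            rc=1 ;;
    esac

    # The service must run as that same account; no User= line means root.
    [ "$svc" = "$want" ] || { echo "FAIL: unit runs as '${svc:-root}', expected $want"; rc=1; }

    return $rc
}
```

Source the file and call `audit_vault` with the real database path, the vault account and /etc/systemd/system/clavitor.service; a non-zero return means at least one of the mitigations is not in place.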


Rather not manage it yourself?

Same vault, same features. We handle updates, backups, and TLS. $20 $12/yr.
