Integration Guide

clavitor + Claude Code

Give your Claude agent secure access to credentials, TOTP codes, and API keys — without exposing card numbers, passports, or recovery codes.

What Claude sees

Shared fields

Claude reads these via the CLI skill to help you code, deploy, and authenticate.

API keys (GitHub, AWS, Stripe, OpenAI...)
SSH host credentials
Database connection strings
TOTP seeds — Claude generates 2FA codes autonomously
Service account passwords

What Claude never sees

Personal fields

Encrypted client-side with your fingerprint, face, or security key. The server stores ciphertext. No key, no access.

Credit card numbers & CVV
Passport & government IDs
Recovery codes & seed phrases
Social security numbers
Bank account details

Setup in 2 minutes

Create an agent in clavitor, initialize the CLI, done. The skill installs automatically.

1. Create an agent

Open your vault -> Agents -> Create. Name it "Claude Code" and choose which entries it can access. Copy the setup token — it's shown only once.

Each agent gets its own token, scopes, and rate limits.

2. Initialize the CLI

On the machine where Claude Code runs:

$ echo "$CLAVITOR_TOKEN" | clavitor-cli init

3. Done

Claude Code picks up the skill immediately. Ask it to fetch a credential, generate a TOTP code, or store a new secret — it knows how.

# Claude can now run:
$ clavitor-cli get "GitHub" --field password
$ clavitor-cli totp "GitHub"
$ clavitor-cli render app.config.json

You don't have to do anything

Once connected, Claude handles credentials automatically. Need to deploy? It looks up your SSH key. Need to log in? It fetches the password and generates the 2FA code. You just ask for what you want done.

"Deploy to production"

Claude looks up your server credentials, SSH key, and any required API tokens — then does the deployment.

clavitor-cli get "aws-production" --field secret_key
clavitor-cli totp "aws"
283941

"Log in to GitHub and check the CI"

Claude finds the credential, generates a live TOTP code, and completes the 2FA flow. No phone needed.

clavitor-cli get "github" --field password
clavitor-cli totp "github"
847203

"Save this API key"

Claude stores new credentials, notes, and configuration directly in your vault using clavitor-cli put. Sign up for a service, generate an API key, or jot down a config snippet — Claude saves it immediately.

"Remember this for later"

License keys, server configs, migration plans, recovery instructions — anything you tell Claude to remember goes into a Memory or Note via clavitor-cli memory put or clavitor-cli note put. Encrypted, searchable by embedding.

One vault, multiple agents

Running Claude on different projects? Create a separate agent for each.

Work agent

Scoped to GitHub, AWS, Jira, and Slack credentials

Personal agent

Scoped to email, social media, and cloud storage

Deploy agent

Scoped to SSH keys, database creds, and API tokens

Every access is logged

The audit log records which agent accessed which credential, when, and from where.

# TIME                 ACTION  ENTRY               ACTOR
2026-03-08 10:23:14  read    github.com          cli:claude-code
2026-03-08 10:23:15  totp    github.com          cli:claude-code
2026-03-08 11:45:02  read    aws-production      cli:deploy-agent
2026-03-08 14:12:33  render  -                   cli:claude-code

Get started

Start free See plans