Integration Guide

Clavitor + OpenAI Codex

Connect Codex to your vault via the CLI. Scoped tokens, TOTP generation, field-level encryption. Your Codex agent gets exactly what it needs.

How it works

Codex calls the Clavitor CLI to fetch credentials and generate 2FA codes. Each token is scoped β€” Codex only sees entries you've explicitly allowed.

Setup

1

Install Clavitor

$ curl -fsSL clavitor.ai/install.sh | sh
2

Create an agent for Codex

In the web UI, create an agent scoped to the entries Codex needs.

$ clavitor-cli init <setup-token>
3

Fetch credentials from Codex

$ clavitor-cli get "OpenAI API" --field password
sk-proj-...
$ clavitor-cli totp aws
739201 (expires in 22s)

Three-tier encryption

Vault Encryption

Entire vault encrypted at rest. AES-256-GCM.

Credential Encryption

Per-field. Codex can read these via scoped CLI tokens.

Identity Encryption

Per-field. Client-side. WebAuthn PRF. Nobody can read these β€” not Codex, not us.

Scoped access for every agent. Your secrets stay yours.

Get hosted — $20 $12/yr Self-host free →