Claude Skill
Infisical/agent-vault
Agent Vault is a secure HTTP credential proxy and vault for AI agents like Claude Code, OpenClaw, and Hermes. Manage secrets, prevent leakage, and simplify rotation.
Overview
Repository
Install this Skill
docker run -it -p 14321:14321 -p 14322:14322 \Registry
docker run -it -p 14321:14321 -p 14322:14322 \npm install @infisical/agent-vault-sdk
Summary
Agent Vault is an HTTP credential proxy and vault designed for AI agents such as Claude Code, OpenClaw, Hermes, and custom agent harnesses. It securely manages and injects secrets into agent workflows, preventing credential leakage and simplifying secret rotation.
一个用于Claude Code、OpenClaw、Hermes、自定义代理及工具等AI代理的HTTP凭证代理与保险库。
Key features
- HTTP credential proxy for AI agents
- Secure vault for secrets and API keys
- Seamless integration with Claude Code, OpenClaw, Hermes
- Supports custom agents and harnesses
- Prevents credential leakage in agent outputs
- Built with Go for performance and reliability
Use cases
- Inject secrets into Claude Code workflows
- Securely manage API keys for OpenClaw agents
- Provide credentials to Hermes agent harnesses
- Centralize secret management for custom AI agents
- Rotate credentials without modifying agent code
README excerpt
<p align="center"> <img src="assets/banner.png" alt="Agent Vault" /> </p> <p align="center"><strong>HTTP credential proxy and vault</strong></p> <p align="center"> An open-source credential broker by <a href="https://infisical.com">Infisical</a> that sits between your agents and the APIs they call.<br> Agents should not possess credentials. Agent Vault eliminates credential exfiltration risk with brokered access. </p> <p align="center"> <strong>New here? The <a href="https://infisical.com/blog/agent-vault-the-open-source-credential-proxy-and-vault-for-agents">launch blog post</a> has the full story behind Agent Vault.</strong> </p> <p align="center"> <a href="https://docs.agent-vault.dev">Documentation</a> | <a href="https://docs.agent-vault.dev/installation">Installation</a> | <a href="https://docs.agent-vault.dev/tutorial">Tutorial</a> | <a href="https://youtu.be/6dERVjLk0-Q">Video Demo</a> | <a href="https://infisical.com/slack">Slack</a> </p> <p align="center"> <img src="assets/agent-vault.gif" alt="Agent Vault demo" /> </p> ## Why Agent Vault Traditional secrets management involves returning credentials back to you applications and services. This breaks down with AI agents which can be tricked via [prompt injection](https://en.wikipedia.org/wiki/Prompt_injection) into leaking secrets. This is the problem of **credential exfiltration**. Agent Vault was created to solve credential exfiltration for all AI agents. Instead of giving AI agents credentals directly, you store them in Agent Vault (e.g. `ANTHROPIC_API_KEY`, `GITHUB_PAT`, etc.) and force your agents to route HTTP requests through it. Agent Vault intercepts every request and attaches credentials onto it before forwarding the request to the target outbound API. Features: - **Credential Brokering**