agent-vault 0.1.0

Zero-trust credential manager for AI agents
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

# agent-vault Integration Examples

## Claude Desktop (MCP Server)

Add this to your Claude Desktop configuration (`~/Library/Application Support/Claude/claude_desktop_config.json` on macOS):

```json
{
  "mcpServers": {
    "agent-vault": {
      "command": "agent-vault-mcp",
      "args": ["--repo", "/path/to/your/vault-repo", "--key", "/path/to/agent.key"]
    }
  }
}
```

The MCP server holds the agent's private key in memory — the agent process never touches key material. It exposes two tools:

- `agent_vault_get(secret)` — decrypt and return a secret
- `agent_vault_list(group?)` — list available secrets with metadata

## Docker

### Dockerfile

```dockerfile
FROM python:3.12-slim

RUN pip install agent-vault

COPY agent.py /app/agent.py
WORKDIR /app
CMD ["python", "agent.py"]
```

### agent.py

```python
import os
from agent_vault import Vault

vault = Vault(
    repo_path="/vault",
    key_str=os.environ["AGENT_VAULT_KEY"],
    auto_pull=True,
)

api_key = vault.get("stripe/api-key")
# Use the secret...
```

### Run

Mount the vault repo as a read-only volume and inject the agent key via environment variable:

```bash
docker run \
  -v /path/to/vault-repo:/vault:ro \
  -e AGENT_VAULT_KEY="$(cat ~/.agent-vault/agents/my-agent.key)" \
  my-agent-image
```

## GitHub Actions

Store the agent's private key as a GitHub Actions secret named `AGENT_VAULT_KEY`. The CLI and SDK both resolve keys from this environment variable automatically.

```yaml
name: Deploy
on:
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install agent-vault
        run: cargo install --path .

      - name: Retrieve secrets
        env:
          AGENT_VAULT_KEY: ${{ secrets.AGENT_VAULT_KEY }}
        run: |
          DB_URL=$(agent-vault get postgres/connection-string)
          echo "::add-mask::$DB_URL"
          echo "DB_URL=$DB_URL" >> "$GITHUB_ENV"

      - name: Deploy
        run: ./deploy.sh
```

The `::add-mask::` directive prevents secret values from appearing in CI logs.

## Python SDK in a FastAPI App

```python
from contextlib import asynccontextmanager
from fastapi import FastAPI

from agent_vault import Vault

vault: Vault

@asynccontextmanager
async def lifespan(app: FastAPI):
    global vault
    vault = Vault(
        repo_path="/path/to/vault",
        key_path="~/.agent-vault/agents/my-agent.key",
    )
    yield

app = FastAPI(lifespan=lifespan)

@app.get("/process-payment")
async def process_payment():
    stripe_key = vault.get("stripe/api-key")
    # Use stripe_key for this request...
    return {"status": "ok"}
```