Agentic Vault
FreeNot checkedMCP server that lets AI agents call APIs without ever seeing the credentials, using a local encrypted vault and per-secret allowlist policies for HTTP requests
About
MCP server that lets AI agents call APIs without ever seeing the credentials, using a local encrypted vault and per-secret allowlist policies for HTTP requests and subprocess environment variables.
README
MCP server that lets AI agents call APIs without ever seeing the credentials.
license: AGPL-3.0 commercial license available Node 20+
Secrets live in a local encrypted vault. The server substitutes them at call time into outbound HTTP requests or subprocess environment variables, under a per-secret allowlist policy. The model only ever sees secret names, never values.
Homepage: https://agenticvault.madhoob.dev
Why
Letting an AI agent make authenticated calls usually means giving it the raw API key. That breaks least-privilege, pollutes transcripts and logs, and means one jailbreak or prompt-injection is enough to exfiltrate the token.
Agentic Vault splits the two: the agent picks a secret by name and a destination; the vault checks the policy and injects the value. The plaintext never crosses the tool boundary.
Install
npm install -g secretproxy
secretproxy init # creates the global vault, stores master password in the OS keychain
secretproxy add OPENROUTER_API_KEY sk-or-...
secretproxy policy set OPENROUTER_API_KEY --host openrouter.ai
secretproxy run # start the MCP server over stdio
Then point any MCP client (Claude Code, Cursor, Cline, Codex, Zed) at secretproxy run.
Tools exposed over MCP
| Tool | Purpose |
|---|---|
list_secrets |
Enumerate available secret names (no values) |
http_request |
Make an HTTP call with a secret injected into headers, query, or body |
run_command |
Run a subprocess with secrets injected as env vars |
scan_env_requirement |
Detect what env vars a project expects and match them to stored secrets |
Features
- Zero-plaintext injection — values substituted inside the vault, never in the model context
- Per-secret policy — allow-lists for HTTP hosts, commands, env vars; deny by default; optional wildcards (strict mode rejects them)
- AES-256-GCM vault with argon2id key derivation
- Encrypted audit trail — every call logged with policy decision, surface, outcome
- Scoped vaults — global defaults + per-project overrides
- OS-native password storage — macOS Keychain, libsecret, Windows Credential Manager
- Interactive TUI (
secretproxy tui) and local-only web UI (secretproxy ui) - Rate limiting with token buckets
- Zero telemetry — no outbound calls, local-only by design
Development
npm install
npm test # 328 tests across 45 files
npm run build
npm run typecheck
Architecture primer: src/vault/ owns encryption, src/mcp/ owns the MCP tool surface, src/policy/ owns allowlist enforcement, src/audit/ owns the append-only log.
License
AGPL-3.0-or-later for open-source use — see LICENSE.
If your use case is incompatible with AGPL's network-copyleft clause (embedding in a proprietary product, offering as a managed service without source disclosure, etc.), a commercial license is available — see COMMERCIAL-LICENSE.md.
Contact: [email protected]
Install Agentic Vault in Claude Desktop, Claude Code & Cursor
unyly install agentic-vaultInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add agentic-vault -- npx -y github:AliProgrammin/agentic-vaultFAQ
Is Agentic Vault MCP free?
Yes, Agentic Vault MCP is free — one-click install via Unyly at no cost.
Does Agentic Vault need an API key?
No, Agentic Vault runs without API keys or environment variables.
Is Agentic Vault hosted or self-hosted?
Self-hosted: the server runs locally on your machine via the install command above.
How do I install Agentic Vault in Claude Desktop, Claude Code or Cursor?
Open Agentic Vault on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
by modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
by xuzexin-hzCompare Agentic Vault with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All ai MCPs
