[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-74656":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":30,"readmeContent":31,"aiSummary":32,"trendingCount":16,"starSnapshotCount":16,"syncStatus":14,"lastSyncTime":33,"discoverSource":34},74656,"agent-vault","Infisical\u002Fagent-vault","Infisical","A HTTP credential proxy and vault for AI agents like Claude Code, OpenClaw, Hermes, custom agents + harnesses, and more.","https:\u002F\u002Fdocs.agent-vault.dev",null,"Go",1635,84,2,3,0,21,109,610,63,18.79,"Other",false,"main",true,[27,28,29],"agents","ai-agents","secrets-management","2026-06-12 02:03:26","\u003Cp align=\"center\">\n  \u003Cimg src=\"assets\u002Fbanner.png\" alt=\"Agent Vault\" \u002F>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\u003Cstrong>HTTP credential proxy and vault\u003C\u002Fstrong>\u003C\u002Fp>\n\n\u003Cp align=\"center\">\nAn open-source credential broker by \u003Ca href=\"https:\u002F\u002Finfisical.com\">Infisical\u003C\u002Fa> that sits between your agents and the APIs they call.\u003Cbr>\nAgents should not possess credentials. Agent Vault eliminates credential exfiltration risk with brokered access.\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n\u003Cstrong>New here? The \u003Ca href=\"https:\u002F\u002Finfisical.com\u002Fblog\u002Fagent-vault-the-open-source-credential-proxy-and-vault-for-agents\">launch blog post\u003C\u002Fa> has the full story behind Agent Vault.\u003C\u002Fstrong>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n\u003Ca href=\"https:\u002F\u002Fdocs.agent-vault.dev\">Documentation\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdocs.agent-vault.dev\u002Finstallation\">Installation\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdocs.agent-vault.dev\u002Ftutorial\">Tutorial\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002F6dERVjLk0-Q\">Video Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Finfisical.com\u002Fslack\">Slack\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"assets\u002Fagent-vault.gif\" alt=\"Agent Vault demo\" \u002F>\n\u003C\u002Fp>\n\n## Why Agent Vault\n\nTraditional secrets management involves returning credentials back to you applications and services. This breaks down with AI agents which can be tricked via [prompt injection](https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FPrompt_injection) into leaking secrets. This is the problem of **credential exfiltration**.\n\nAgent Vault was created to solve credential exfiltration for all AI agents. Instead of giving AI agents credentals directly, you store them in Agent Vault (e.g. `ANTHROPIC_API_KEY`, `GITHUB_PAT`, etc.) and force your agents to route HTTP requests through it. Agent Vault intercepts every request and attaches credentials onto it before forwarding the request to the target outbound API.\n\nFeatures:\n\n- **Credential Brokering**: Broker AI agents access target services like LLM providers and GitHub without them holding any real credentials. Agent Vault is able to broker that access by substituting dummy values in headers like `__anthropic_api_key__` with real credentials or replacing auth headers entirely on outbound requests through it.\n- **Transparent Integration**: Let AI agents use existing tools like MCP, CLI, SDK, API with all underlying requests automatically routed through Agent Vault. Agent Vault takes an interface-agnostic, non-invasive approach to credential brokering by bootstrapping your agents' environment to use `HTTPS_PROXY` and be compatible with Agent Vault's MITM architecture.\n- **Purpose-Built Design**: Existing forward proxies like `mitmproxy` or `squid` require modification to perform credential brokering and integrate well with agents. Agent Vault is purpose-built to work with the ergonomics of all types of agent use-cases with a dedicated CLI, multi-tenancy, and agent-specific roadmap backed by [Infisical](https:\u002F\u002Fgithub.com\u002FInfisical\u002Finfisical).\n- **Egress Filtering**: Control which agents should have access to which services and API endpoints on them since authenticated requests flow through Agent Vault.\n- **Request Logging**: Inspect authenticated traffic to monitor and diagnose agent behavior.\n\nBy default, requests not matching any service forward as plain proxy traffic; flip a vault into strict deny mode (`unmatched_host_policy=deny`) to reject them with 403 instead.\n\nRead the full backstory behind Agent Vault [here](https:\u002F\u002Finfisical.com\u002Fblog\u002Fagent-vault-the-open-source-credential-proxy-and-vault-for-agents).\n\n## Use Cases\n\nAgent Vault works with all kinds of AI Agent use-cases including secure remote coding agents, all-purpose agents, custom agents + harnesses, secure ephemeral sandboxes and more.\n\n- Secure remote coding agents: You can run a remote Claude Code session and configure it to proxy requests through Agent Vault. As part of this setup, you can set an `ANTHROPIC_API_KEY` and `GITHUB_PAT` in Agent Vault, allowing Claude Code to interact with the Anthropic and GitHub API to code, raise PRs, and more. The same principle applies to other coding agents.\n- Secure all-purpose agents: You can set up OpenClaw, Hermes, and other all-purpose agents to proxy outbound requests through Agent Vault.\n- Secure custom agents: You can build your own AI agents with custom harnesses and configure them to proxy outbound requests through Agent Vault.\n- Secure ephemeral sandboxes: You can configure an orchestrator (e.g. backend) to mint a temporary token to be passed into an agent sandbox to use to proxy requests through agent vault. You can even have the sandboxed agent loop back a request to the same backend that spun it up.\n\n## Basic Usage\n\nAgent Vault is both a vault and proxy service and ships as a single binary that acts as both a server and CLI client. It stores credentials and brokers them to your AI agents using a MITM proxy architecture. By design, Agent Vault is meant to be deployed on a separate machine from your AI agents to provide the security guarantee needed so your AI agents cannot directly access the credentials within Agent Vault.\n\n```\n┌─────────────────────────────────────────────────────────────────┐\n│ Public internet                                                 │\n│                                                                 │\n│   api.anthropic.com    api.github.com    api.stripe.com   ...   │\n│          ▲                   ▲                  ▲               │\n└──────────┼───────────────────┼──────────────────┼───────────────┘\n           │                   │                  │\n           └───────────────────┼──────────────────┘\n                               │ outbound HTTPS, Agent Vault\n                               │ injects credentials on the way out\n┌──────────────────────────────┼──────────────────────────────────┐\n│ Private network              │                                  │\n│                              │                                  │\n│  ┌───────────────────────────┴────┐     ┌────────────────────┐  │\n│  │ Agent Vault                    │     │ AI agent           │  │\n│  │ :14321  management UI \u002F API    │◀────│ HTTPS_PROXY=       │  │\n│  │ :14322  MITM proxy             │     │ agent-vault:14322  │  │\n│  └────────────────▲───────────────┘     └────────────────────┘  │\n│                   │                                             │\n└───────────────────┼─────────────────────────────────────────────┘\n                    │ operator access: keep private, or front\n                    │ with TLS + auth (SSO reverse proxy, IP\n                    │ allowlist, or VPN) if you need remote admin\n                    │\n                Operator\n```\n\nYou can configure Agent Vault to broker credentials for an AI agents in just a few steps:\n\n1. [Install](https:\u002F\u002Fdocs.agent-vault.dev\u002Finstallation) and start an Agent Vault server. You can run the script below to Install Agent Vault, supporting macOS (Intel + Apple Silicon) and Linux (x86_64 + ARM64):\n\n```bash\ncurl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsSL https:\u002F\u002Fget.agent-vault.dev | sh\n```\n\nStart the Agent Vault server and set a master password for it (store it somewhere safe); the password is used as part of its [data encryption mechanism](https:\u002F\u002Fdocs.agent-vault.dev\u002Flearn\u002Fsecurity) and is unset from the process after the initial read.\n\n```bash\nexport AGENT_VAULT_MASTER_PASSWORD=your-password\nagent-vault server -d\n```\n\nYou can also deploy Agent Vault with Docker:\n\n```bash\ndocker run -it -p 14321:14321 -p 14322:14322 \\\n  -e AGENT_VAULT_MASTER_PASSWORD=your-password \\\n  -v agent-vault-data:\u002Fdata infisical\u002Fagent-vault\n```\n\nThe server starts the HTTP API on port `14321` and a TLS-encrypted transparent HTTP\u002FHTTPS proxy on port `14322`; the same listener handles `CONNECT` for `https:\u002F\u002F` upstreams and absolute-form forward-proxy requests for `http:\u002F\u002F` upstreams.\n\nThe web UI becomes available at `http:\u002F\u002F\u003Chost>:14321` and you'll be prompted to create the first user known as the instance **owner**.\n\n2. Create a [vault](https:\u002F\u002Fdocs.agent-vault.dev\u002Flearn\u002Fvaults), input your [credentials](https:\u002F\u002Fdocs.agent-vault.dev\u002Flearn\u002Fcredentials), and configure [service rules](https:\u002F\u002Fdocs.agent-vault.dev\u002Flearn\u002Fservices) in Agent Vault either through the management UI or via CLI on the Agent Vault machine. For example, you can create a credential for `ANTHROPIC_API_KEY` and create a service rule for Agent Vault to substitute a dummy value `__anthropic_api_key__` for the real key.\n\n3. Create an [agent](https:\u002F\u002Fdocs.agent-vault.dev\u002Fagents\u002Foverview) to represent a long-running agent and obtain a **token** for it. Alternatively, if you're spinning up ephemeral sandboxed agents, you can use [agent](https:\u002F\u002Fdocs.agent-vault.dev\u002Fagents\u002Foverview) to represent an orchestrator backend and use it to mint a short-lived **token** to be passed into the sandbox for the agent to use and proxy requests through Agent Vault.\n\n4. Set the following environment variables in your AI agent's environment:\n\n```bash\nAGENT_VAULT_ADDR=http:\u002F\u002F\u003Cyour-addr>:14321\nAGENT_VAULT_TOKEN=\u003Cagent-token-from-agent-vault>\nAGENT_VAULT_VAULT=\u003Cvault-in-agent-vault>\n...\nANTHROPIC_API_KEY=__anthropic_api_key__ \u002F\u002F dummy key that will be substituted by Agent Vault\n```\n\n5. [Install](https:\u002F\u002Fdocs.agent-vault.dev\u002Finstallation) the Agent Vault CLI into your agent's environment and run the Agent Vault CLI with your agent to start proxying requests through Agent Vault.\n\n```bash\ncurl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsSL https:\u002F\u002Fget.agent-vault.dev | sh\n```\n\n```bash\nagent-vault run -- claude\nagent-vault vault run -- agent\nagent-vault vault run -- codex\nagent-vault vault run -- opencode\n```\n\nAlternatively, if your agent is running with Docker, you can install the Agent Vault CLI via a Dockerfile by copying the binary into your own image and using it to start up your agent process:\n\n```dockerfile\n# Add this line to your existing Dockerfile alongside your agent or app setup.\nCOPY --from=infisical\u002Fagent-vault:latest \u002Fusr\u002Flocal\u002Fbin\u002Fagent-vault \u002Fusr\u002Flocal\u002Fbin\u002Fagent-vault\n\n...\n\nENTRYPOINT [\"agent-vault\", \"run\", \"--\", \"claude\"]\n```\n\nThere are many ways to deploy Agent Vault and integrate your AI agents with it. We recommend consulting the fuller [documentation](https:\u002F\u002Fdocs.agent-vault.dev\u002Finstallation).\n\n## See it in Action\n\nA full end-to-end walkthrough: running Hermes Agent on a remote VPS while Agent Vault brokers every outbound API call from a second box. Real credentials never touch the agent host.\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002F6dERVjLk0-Q\">\n    \u003Cimg src=\"assets\u002Fhermes-vps-video-thumbnail.png\" alt=\"Watch: Run Hermes on a VPS without leaking your API keys\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\nStep-by-step companion guide: [Run Hermes on a VPS](https:\u002F\u002Fdocs.agent-vault.dev\u002Fguides\u002Fhermes-on-vps).\n\n## Best Practices\n\n1. Security:\n\n- You should deploy Agent Vault as a separate service on a different host machine from your AI agents to prevent agents from exploiting a shared host to gain access to Agent Vault.\n- You should keep the proxy port (14322 by default), where credentials get injected into outbound requests, private to your agents' network. The management interface on 14321 is safer to expose if you need remote admin, but still harden it like any production web service (TLS, IP allowlist). Refer to [examples\u002Fnginx-public-ui-proxy\u002F](examples\u002Fnginx-public-ui-proxy\u002F) for a working example.\n\n2. Latency: You should co-locate Agent Vault alongside your AI agents within the same network to reduce request latency.\n\n3. Tokens: You should create an [agent](https:\u002F\u002Fdocs.agent-vault.dev\u002Fagents\u002Foverview) in Agent Vault to represent a long-lived agent. For ephemeral sandboxes, you may prefer to mint short-lived, vault-scoped tokens for sandboxed agents to use to proxy requests through Agent Vault.\n\n## SDK\n\nAgent Vault offers a TypeScript SDK in the event you'd like an orchestrator to mint a short-lived token and pass proxy config into a sandboxed agent to have it proxy requests through Agent Vault that way.\n\n```bash\nnpm install @infisical\u002Fagent-vault-sdk\n```\n\n```typescript\nimport { AgentVault, buildProxyEnv } from \"@infisical\u002Fagent-vault-sdk\";\n\nconst av = new AgentVault({\n  token: \"YOUR_TOKEN\", \u002F\u002F agent token\n  address: \"http:\u002F\u002Flocalhost:14321\",\n});\nconst session = await av\n  .vault(\"my-vault\")\n  .sessions.create({ vaultRole: \"proxy\" });\n\n\u002F\u002F certPath is where you'll mount the CA certificate inside the sandbox.\nconst certPath = \"\u002Fetc\u002Fssl\u002Fagent-vault-ca.pem\";\n\n\u002F\u002F env: { HTTPS_PROXY, HTTP_PROXY, NO_PROXY, NODE_USE_ENV_PROXY,\n\u002F\u002F         SSL_CERT_FILE, NODE_EXTRA_CA_CERTS, REQUESTS_CA_BUNDLE,\n\u002F\u002F         CURL_CA_BUNDLE, GIT_SSL_CAINFO, DENO_CERT }\nconst env = buildProxyEnv(session.containerConfig!, certPath);\nconst caCert = session.containerConfig!.caCertificate;\n\n\u002F\u002F Pass `env` as environment variables and mount `caCert` at `certPath`\n\u002F\u002F in your sandbox — Docker, Daytona, E2B, Firecracker, or any other runtime.\n\u002F\u002F Once configured, the agent inside just calls APIs normally:\n\u002F\u002F   fetch(\"https:\u002F\u002Fapi.github.com\u002F...\") — no SDK, no credentials needed.\n```\n\nSee the [TypeScript SDK README](sdks\u002Fsdk-typescript\u002FREADME.md) for full documentation.\n\n## Development\n\n```bash\nmake build      # Build frontend + Go binary\nmake test       # Run tests\nmake web-dev    # Vite dev server with hot reload (port 5173)\nmake dev        # Go + Vite dev servers with hot reload\nmake docker     # Build Docker image\n```\n\n## Open-source vs. paid\n\nThis repo available under the [MIT expat license](https:\u002F\u002Fgithub.com\u002FInfisical\u002Finfisical\u002Fblob\u002Fmain\u002FLICENSE), with the exception of the `ee` directory which will contain premium enterprise features requiring a Infisical license.\n\nIf you are interested in Infisical or exploring a more commercial path for Agent Vault, take a look at [our website](https:\u002F\u002Finfisical.com\u002F) or [book a meeting with us](https:\u002F\u002Finfisical.cal.com\u002Fvlad\u002Finfisical-demo).\n\n## Contributing\n\nWhether it's big or small, we love contributions. Agent Vault follows the same contribution guidelines as Infisical.\n\nCheck out our guide to see how to [get started](https:\u002F\u002Finfisical.com\u002Fdocs\u002Fcontributing\u002Fgetting-started).\n\nNot sure where to get started? You can:\n\n- Join our \u003Ca href=\"https:\u002F\u002Finfisical.com\u002Fslack\">Slack\u003C\u002Fa>, and ask us any questions there.\n\n## We are hiring!\n\nIf you're reading this, there is a strong chance you like the products we created.\n\nYou might also make a great addition to our team. We're growing fast and would love for you to [join us](https:\u002F\u002Finfisical.com\u002Fcareers).\n\n---\n\n> **Preview.** Agent Vault is in active development and the API is subject to change. Please review the [security documentation](https:\u002F\u002Fdocs.agent-vault.dev\u002Flearn\u002Fsecurity) before deploying.\n","Agent Vault 是一个为AI代理设计的HTTP凭证代理和密钥库。其核心功能在于通过代理方式管理和传递API调用所需的凭证，从而避免直接将敏感信息暴露给AI代理，有效防止了凭证外泄的风险。技术上，它采用Go语言开发，支持透明集成现有工具链，并具备专门针对AI代理场景优化的设计，包括多租户支持、命令行界面以及基于MITM架构的环境适配能力。该项目特别适用于需要加强安全控制的AI应用开发与部署场合，如使用大语言模型或其他外部服务时的安全访问控制。","2026-06-11 03:50:18","high_star"]