Agent Vault

Name: Agent Vault
Availability: OnlineOnly
Author: Infisical

An open-source HTTP credential proxy and vault that sits between AI agents and the APIs they call, eliminating credential exfiltration risk with brokered access.

Visit Website

At a Glance

Pricing

Open Source

Fully open-source under the MIT expat license. Free to use, modify, and distribute.

Engagement

Available On

macOS

Linux

API

SDK

CLI

InfisicalSan Francisco, CAEst. 2022$18.8M raised

Listed Apr 2026

About Agent Vault

Agent Vault is an open-source credential broker built by Infisical that prevents AI agents from ever possessing or leaking secrets. Instead of returning credentials directly to agents, it routes HTTP requests through a local proxy that injects the right credentials at the network layer — meaning agents call APIs normally without ever seeing the underlying secrets. It supports any HTTP-speaking agent, including Claude Code, Cursor, Codex, and custom Python/TypeScript agents, and can be deployed locally, via Docker, or built from source.

Brokered access, not retrieval — Agents receive a scoped session and a local HTTPS_PROXY; credentials are injected at the network layer and never returned to the agent.
Works with any agent — Compatible with custom Python/TypeScript agents, sandboxed processes, and popular coding agents like Claude Code, Cursor, and Codex — anything that speaks HTTP.
Encrypted at rest — Credentials are encrypted with AES-256-GCM using a random DEK; an optional master password wraps the DEK via Argon2id for secure rotation without re-encryption.
Container sandbox mode — Launch agents in a Docker container with egress locked down by iptables so the child process physically cannot reach anything except the Agent Vault proxy.
Request logs — Every proxied request is persisted per vault with method, host, path, status, latency, and credential key names; bodies and headers are never recorded.
TypeScript SDK — Install @infisical/agent-vault-sdk to mint sessions and pass proxy config into sandboxed environments like Docker, Daytona, or E2B.
CLI integration — Use agent-vault run -- claude (or any agent command) to wrap a local agent process with a scoped session and automatic CA-trust env vars.
Web UI — A built-in web interface is available at http://localhost:14321 for managing vaults and viewing request logs.
Self-hostable — Deploy via install script (macOS/Linux), Docker image, or build from source using Go 1.25+ and Node.js 22+.
Open-source core — Available under the MIT expat license; enterprise features in the ee directory require an Infisical license.

Community Discussions

Be the first to start a conversation about Agent Vault

Share your experience with Agent Vault, ask questions, or help others learn from your insights.

Pricing

OPEN SOURCE

Open Source

Fully open-source under the MIT expat license. Free to use, modify, and distribute.

HTTP credential proxy
Brokered credential access
AES-256-GCM encryption at rest
Container sandbox mode
Request logging per vault

Capabilities

Key Features

HTTP credential proxy
Brokered credential access (never reveals secrets to agents)
AES-256-GCM encryption at rest
Argon2id master password key wrapping
Container sandbox mode with iptables egress lockdown
Per-vault request logging (method, host, path, status, latency)
Scoped session management
Transparent HTTPS proxy on port 14322
Web UI on port 14321
CLI agent wrapping via `agent-vault run`
TypeScript SDK for orchestrator integration
Passwordless mode for PaaS deploys
Configurable log retention per vault
Docker support
macOS and Linux install script

Integrations

Claude Code

Cursor

Codex

OpenClaw

Hermes

OpenCode

Docker

Daytona

E2B

Infisical

API Available

View Docs

Back to all tools

About Agent Vault

Brokered access, not retrieval — Agents receive a scoped session and a local HTTPS_PROXY; credentials are injected at the network layer and never returned to the agent.
Works with any agent — Compatible with custom Python/TypeScript agents, sandboxed processes, and popular coding agents like Claude Code, Cursor, and Codex — anything that speaks HTTP.
Encrypted at rest — Credentials are encrypted with AES-256-GCM using a random DEK; an optional master password wraps the DEK via Argon2id for secure rotation without re-encryption.
Container sandbox mode — Launch agents in a Docker container with egress locked down by iptables so the child process physically cannot reach anything except the Agent Vault proxy.
Request logs — Every proxied request is persisted per vault with method, host, path, status, latency, and credential key names; bodies and headers are never recorded.
TypeScript SDK — Install @infisical/agent-vault-sdk to mint sessions and pass proxy config into sandboxed environments like Docker, Daytona, or E2B.
CLI integration — Use agent-vault run -- claude (or any agent command) to wrap a local agent process with a scoped session and automatic CA-trust env vars.
Web UI — A built-in web interface is available at http://localhost:14321 for managing vaults and viewing request logs.
Self-hostable — Deploy via install script (macOS/Linux), Docker image, or build from source using Go 1.25+ and Node.js 22+.
Open-source core — Available under the MIT expat license; enterprise features in the ee directory require an Infisical license.

Agent Vault