# Agent Vault

> An open-source HTTP credential proxy and vault that sits between AI agents and the APIs they call, eliminating credential exfiltration risk with brokered access.

Agent Vault is an open-source credential broker built by Infisical that prevents AI agents from ever possessing or leaking secrets. Instead of returning credentials directly to agents, it routes HTTP requests through a local proxy that injects the right credentials at the network layer — meaning agents call APIs normally without ever seeing the underlying secrets. It supports any HTTP-speaking agent, including Claude Code, Cursor, Codex, and custom Python/TypeScript agents, and can be deployed locally, via Docker, or built from source.

- **Brokered access, not retrieval** — *Agents receive a scoped session and a local `HTTPS_PROXY`; credentials are injected at the network layer and never returned to the agent.*
- **Works with any agent** — *Compatible with custom Python/TypeScript agents, sandboxed processes, and popular coding agents like Claude Code, Cursor, and Codex — anything that speaks HTTP.*
- **Encrypted at rest** — *Credentials are encrypted with AES-256-GCM under a random data encryption key (DEK); an optional master password, stretched with Argon2id, wraps the DEK, so rotation does not require re-encrypting the stored credentials.*
- **Container sandbox mode** — *Launch agents in a Docker container with egress locked down by iptables so the child process cannot reach anything except the Agent Vault proxy.*
- **Request logs** — *Every proxied request is persisted per vault with method, host, path, status, latency, and credential key names; bodies and headers are never recorded.*
- **TypeScript SDK** — *Install `@infisical/agent-vault-sdk` to mint sessions and pass proxy config into sandboxed environments like Docker, Daytona, or E2B.*
- **CLI integration** — *Use `agent-vault run -- claude` (or any agent command) to wrap a local agent process with a scoped session and automatic CA-trust env vars.*
- **Web UI** — *A built-in web interface is available at `http://localhost:14321` for managing vaults and viewing request logs.*
- **Self-hostable** — *Deploy via install script (macOS/Linux), Docker image, or build from source using Go 1.25+ and Node.js 22+.*
- **Open-source core** — *Available under the MIT (Expat) license; enterprise features in the `ee` directory require an Infisical license.*

## Features
- HTTP credential proxy
- Brokered credential access (never reveals secrets to agents)
- AES-256-GCM encryption at rest
- Argon2id master password key wrapping
- Container sandbox mode with iptables egress lockdown
- Per-vault request logging (method, host, path, status, latency)
- Scoped session management
- Transparent HTTPS proxy on port 14322
- Web UI on port 14321
- CLI agent wrapping via `agent-vault run`
- TypeScript SDK for orchestrator integration
- Passwordless mode for PaaS deploys
- Configurable log retention per vault
- Docker support
- macOS and Linux install script

## Integrations
Claude Code, Cursor, Codex, OpenClaw, Hermes, OpenCode, Docker, Daytona, E2B, Infisical

## Platforms
macOS, Linux, API, Developer SDK, CLI

## Pricing
Open Source

## Version
v0.10.0

## Links
- Website: https://docs.agent-vault.dev
- Documentation: https://docs.agent-vault.dev
- Repository: https://github.com/Infisical/agent-vault
- EveryDev.ai: https://www.everydev.ai/tools/agent-vault
