agent-vault  by botiverse

Secure secrets for AI agent interactions

Created 3 weeks ago

337 stars

Top 82.0% on SourcePulse

Project Summary

This project addresses the critical security challenge of preventing sensitive information like API keys and tokens from being exposed to AI agents during service setup. It targets developers and users integrating AI agents into their workflows, offering a robust solution to maintain data privacy by ensuring real secrets are never transmitted or directly accessed by the AI.

How It Works

Agent-Vault acts as a secret-aware file I/O layer. It stores secrets in a locally encrypted vault (~/.agent-vault/) using AES-256-GCM with per-value encryption. When an AI agent reads a file, Agent-Vault transparently replaces each stored secret value with a placeholder such as <agent-vault:key>; when the agent writes a file back, it restores those placeholders to their real, decrypted values. Beyond the values explicitly stored in the vault, it also detects high-entropy strings that look like secrets and redacts them as <agent-vault:UNVAULTED:sha256:...>, so the agent never sees credentials that were not vaulted either.

Quick Start & Requirements

  • Install: npm install -g @botiverse/agent-vault
  • Prerequisites: Node.js and npm.
  • Vault Location: Secrets are stored in a global, encrypted vault at ~/.agent-vault/, which is initialized automatically or via agent-vault init.

Highlighted Details

  • Secrets are stored in an encrypted local vault (~/.agent-vault/) with AES-256-GCM and per-value encryption, secured by 0600 permissions.
  • Automatic redaction of unvaulted, high-entropy strings as <agent-vault:UNVAULTED:sha256:...> enhances security beyond explicitly managed secrets.
  • Sensitive commands (set, get, rm, import) strictly require an interactive terminal (TTY), preventing non-interactive agents from executing them.
  • Agent integration is facilitated via npx skills add botiverse/agent-vault, enabling agents to use read and write commands safely and avoid sensitive operations.

Maintenance & Community

No specific details regarding contributors, sponsorships, or community channels (e.g., Discord/Slack) were provided in the README.

Licensing & Compatibility

  • License: Apache-2.0.
  • Compatibility: The Apache-2.0 license is permissive, generally allowing for commercial use and integration within closed-source projects.

Limitations & Caveats

Sensitive operations such as setting or retrieving secrets require manual user intervention via an interactive terminal (TTY). Secrets are managed in a single, global vault, which may require careful consideration in highly compartmentalized environments. The tool protects the boundary between agents and the file system; it does not protect secrets in transit before they reach the agent, nor after the agent has processed them if the agent itself is compromised.

Health Check

  • Last commit: 3 weeks ago
  • Responsiveness: Inactive
  • Pull requests (30d): 0
  • Issues (30d): 2
  • Star history: 339 stars in the last 23 days

Starred by Chip Huyen (author of "AI Engineering" and "Designing Machine Learning Systems").
