VaultAgent - Secure Secret Management for AI Coding Agents

┌─ Getting Started ─┐

VaultAgent is a secure secret management system designed specifically for AI coding agents. Store your API keys, database credentials, and sensitive tokens with zero-knowledge encryption, then grant time-limited access to your AI tools without ever exposing the actual values.

The Problem

AI coding agents like Claude Code, Cursor, and GitHub Copilot need access to your secrets to be truly useful. But giving agents direct access is risky:

[!] Secrets might appear in code suggestions

[!] Accidental logging exposes credentials

[!] Keys could be sent to unexpected endpoints

The Solution

[1] Store secrets in your encrypted vault

[2] Create a scoped, time-limited session

[3] VaultAgent injects secrets to the environment

[4] Agent uses secrets without seeing values

[5] Session expires automatically

Quick Start

step 1: dashboard

# Sign up at vaultagent.io and store your secrets
# Secrets are encrypted client-side before upload
# Server never sees your plaintext values

step 2: create session

# In the dashboard, create a session:
#   - Select your vault
#   - Choose which secrets to share
#   - Set duration (15min to 24hr)
#   - Pick your agent
# You'll receive a session token: va_sess_xK7m...

step 3: inject + run

# Install the CLI
$ npm i -g vaultagent

# Run your agent with secrets injected
$ vaultagent run va_sess_xK7m... -- claude
Master password: ********
[/] Fetching session secrets...
[/] Session: claude-code (58 min remaining)
[/] Decrypting 3 secret(s)...
[/] 3 secret(s) injected. Launching: claude

Supported AI Agents

Claude Code[/] Supported

Cursor[/] Supported

Windsurf[/] Supported

Aider[/] Supported

GitHub Copilot[/] Supported

Continue[/] Supported

Agent Setup

Claude Code

VaultAgent CLI decrypts secrets locally and injects into environment

$ vaultagent run <token> -- claude

Cursor

VaultAgent CLI injects API keys before launching Cursor

$ vaultagent run <token> -- cursor .

Windsurf

VaultAgent CLI injects API keys before launching Windsurf

$ vaultagent run <token> -- windsurf .

Aider

VaultAgent CLI injects OPENAI_API_KEY / ANTHROPIC_API_KEY into env

$ vaultagent run <token> -- aider

GitHub Copilot

VaultAgent CLI injects keys, then launch VS Code with Copilot

$ vaultagent run <token> -- code .

Continue

VaultAgent CLI injects keys, then launch VS Code with Continue

$ vaultagent run <token> -- code .