Password manager for the AI era

Passwords for AI agents.

Claude Code, Codex, Cursor, OpenClaw — every AI agent needs credentials. clavitor gives them access without giving them everything. Your private data stays locked behind your biometric. Same vault, different access.

MCP · REST API · CLI · Browser Extension · Open Source

Visa • John Smith
cardholder: John Smith (AI + you)
expiry: 2029-02 (AI + you)
number: 4532 •••• •••• 7821 (only you)
cvv: ••• (only you)

See it in action

What makes clavitor different.

Agent fetches a credential

Your AI searches the vault via MCP and gets exactly what it needs.

claude> search_vault("github")
...
token: ghp_x7k2m9...4f1a
ssh: ed25519 SHA256:...
totp: 847 291

Private fields stay private

The agent asks for your Visa. It gets the name. Not the number.

claude> get_credential("visa")
...
name: John Smith
number: [REDACTED]
cvv: [REDACTED]

AI generates your 2FA

No phone. No app switching. Your agent handles two-factor.

claude> get_totp("aws")
generating code...
code: 847 291
expires: 18s
account: john@smith.family

This is the vault for the AI era.

Not an add-on to some legacy product.

Vault connectors give your AI the same access you have. Everything or nothing. That's not security, that's a checkbox.

Connectors: all-or-nothing

Your agent needs your GitHub token. With a connector, it also sees your SSN and private keys.

"AI-safe" is policy, not math

Other vaults decrypt everything server-side and filter. If the server can read it, it's not private.

Clavitor: built for this

Your AI reads what you allow. Private fields are encrypted with a key derived from your biometric — it never leaves your device. Not your AI, not us, not our servers can decrypt them.

"Your AI deploys the code.
It doesn't see what you don't share."

You decide which fields are private — per entry, per field. Those get a second encryption key derived from your biometric via WebAuthn PRF. That key is generated on your device and never transmitted.

1. You mark a field as private in the web UI
2. Your browser derives an AES-256 key from your biometric via WebAuthn PRF (Touch ID, YubiKey, etc.)
3. The field is encrypted client-side before it ever reaches the server
4. The server stores ciphertext. No key, no plaintext, no backdoor. Math, not policy.

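An added example (not clavitor's own code) of the four steps above: an AES-256 key is derived from a WebAuthn PRF output and only the fields marked private are encrypted before storage. HKDF-SHA-256, AES-GCM, the AAD binding, the record layout and all function names are assumptions of this example, and the PRF output is a constructed stand-in so the code runs under Node as well as in a browser.

```javascript
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder();
// In a browser the 32-byte secret is cred.getClientExtensionResults().prf.results.first,
// released by the authenticator after user verification. Constructed stand-in here.
const CONSTRUCTED_PRF_OUTPUT = new Uint8Array(32).fill(0x42);

// Assumption: HKDF-SHA-256 turns the PRF output into a non-extractable AES-256-GCM key.
async function deriveFieldKey(prfOutput) {
  const ikm = await wc.subtle.importKey('raw', prfOutput, 'HKDF', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'HKDF', hash: 'SHA-256', salt: new Uint8Array(32), info: enc.encode('example-private-field-v1') },
    ikm, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Entry id + field name go in as AAD, so a ciphertext moved to another field fails to authenticate.
const aad = (entryId, name) => enc.encode(`${entryId}/${name}`);

// Encrypt only the fields marked private; the return value is all the server stores.
async function sealEntry(key, entryId, fields, privateNames) {
  const stored = {};
  for (const [name, value] of Object.entries(fields)) {
    if (!privateNames.includes(name)) { stored[name] = { shared: value }; continue; }
    const iv = wc.getRandomValues(new Uint8Array(12)); // fresh nonce per encryption
    const ct = await wc.subtle.encrypt(
      { name: 'AES-GCM', iv, additionalData: aad(entryId, name) }, key, enc.encode(value));
    stored[name] = { iv: Array.from(iv), ct: Array.from(new Uint8Array(ct)) };
  }
  return stored;
}

async function openField(key, entryId, name, rec) {
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: new Uint8Array(rec.iv), additionalData: aad(entryId, name) },
    key, new Uint8Array(rec.ct));
  return new TextDecoder().decode(pt);
}
// Agent-facing read: shared values pass through, private ones are redacted.
const agentView = (stored) => Object.fromEntries(
  Object.entries(stored).map(([n, r]) => [n, 'shared' in r ? r.shared : '[REDACTED]']));

async function demo() {
  const key = await deriveFieldKey(CONSTRUCTED_PRF_OUTPUT);
  const fields = { name: 'John Smith', ssn: '000-00-0000' }; // constructed sample values
  const stored = await sealEntry(key, 'identity', fields, ['ssn']);
  const otherKey = await deriveFieldKey(new Uint8Array(32).fill(0x43));
  const fails = (p) => p.then(() => false, () => true);
  return { agent: agentView(stored), owner: await openField(key, 'identity', 'ssn', stored.ssn),
    wrongKeyFails: await fails(openField(otherKey, 'identity', 'ssn', stored.ssn)),
    movedFails: await fails(openField(key, 'identity', 'passport', stored.ssn)) };
}
```

Because the derived key is non-extractable, script running in the page can use it but cannot export its bytes.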
Your agent can read

Shared with AI

GET /api/entries/github
username: johnsmith
token: ghp_x7k2m9q...4f1a
ssh_key: -----BEGIN OPENSSH...
totp: 847291 (18s remaining)

Only you can read

Locked to your biometric

GET /api/entries/identity
name: John Smith
passport: [REDACTED — not available to agents]
ssn: [REDACTED — not available to agents]
email: john@smith.family

1 Binary
1 SQLite file
5 MCP tools
0 Dependencies

Multi-user. Multi-agent. One vault.

Every agent gets its own API key. Your coding agent sees GitHub. Your DevOps agent sees AWS. Neither sees your personal keys.

~/.claude/mcp.json

{
  "mcpServers": {
    "vault-dev": {
      "url": "http://localhost:1984/mcp",
      "headers": { "Authorization": "Bearer token_dev_..." }
    },
    "vault-devops": {
      "url": "http://localhost:1984/mcp",
      "headers": { "Authorization": "Bearer token_ops_..." }
    }
  }
}

Two ways to run it.

Hosted — $12/yr (personal), down from $20

Launch price until June 30, 2026

We handle TLS, DNS, backups and 21 regional edge nodes across 6 continents. You just create a vault and connect your agents.

Self-host — free

One binary on your server. You'll need a domain, reverse proxy and TLS. Full control, zero cost.

$ curl -fsSL clavitor.com/install.sh | sh
$ clavitor
# Running on http://localhost:1984

Need team or enterprise pricing? Talk to us.