Integration Guide

clavitor + Claude Code

Give your Claude agent secure access to credentials, TOTP codes, and API keys — without exposing card numbers, passports, or recovery codes.

What Claude sees

Shared fields

Claude reads these via MCP tools to help you code, deploy, and authenticate.

  • API keys (GitHub, AWS, Stripe, OpenAI…)
  • SSH host credentials
  • Database connection strings
  • TOTP seeds — Claude generates 2FA codes autonomously
  • Service account passwords
What Claude never sees

Personal fields

Encrypted client-side with your biometric. The server stores ciphertext. No key, no access.

  • Credit card numbers & CVV
  • Passport & government IDs
  • Recovery codes & seed phrases
  • Social security numbers
  • Bank account details

Setup in 2 minutes

Create a token in clavitor, connect it to Claude, done.

1. Create a token

Open your vault → TokensCreate. Give it a label like “Claude Code”. Copy the token — it’s shown only once.

Each token is an independent API key. Create one per agent or project.

2. Connect Claude Code

In your terminal, run:

claude mcp add clavitor --transport http --url http://localhost:1984/mcp \ --header "Authorization: Bearer clavitor_your_token_here"

That’s it. Claude Code picks up the new server automatically.

3. Connect Claude Desktop

Open Claude Desktop → menu → SettingsIntegrationsAdd More.

Name:   clavitor
URL:    http://localhost:1984/mcp

Click Add, then expand the entry and add a header:

Authorization: Bearer clavitor_your_token_here

Using hosted clavitor?

Your MCP URL includes your unique vault identifier. You can find the exact URL in your Account Information page after signing up.

It looks like: https://clavitor.com/your_vault_id/mcp

You don’t have to do anything

Once connected, Claude handles credentials automatically. Need to deploy? It looks up your SSH key. Need to log in? It fetches the password and generates the 2FA code. You just ask for what you want done.

“Deploy to production”

Claude looks up your server credentials, SSH key, and any required API tokens — then does the deployment.

get_credential("aws-production")
get_totp("aws")  →  283941 (expires in 22s)

“Log in to GitHub and check the CI”

Claude finds the credential, generates a live TOTP code, and completes the 2FA flow. No phone needed.

get_credential("github")
get_totp("github")  →  847203 (expires in 14s)

“Find my database credentials”

Full-text search across all entries — titles, URLs, usernames, notes.

search_vault("postgres")

“What’s expiring soon?”

Claude checks for credentials, cards, or documents expiring within any timeframe.

check_expiring(30)

“Show me everything”

List all entries the agent has access to. Useful for inventory or onboarding a new project.

list_credentials()

“Save this API key”

Claude stores new credentials, notes, and configuration directly in your vault. Sign up for a service, generate an API key, or jot down a config snippet — Claude saves it immediately. No copy-pasting into a separate app.

“Remember this for later”

License keys, server configs, migration plans, recovery instructions — anything you tell Claude to remember goes straight into your vault, encrypted and searchable.

One vault, multiple agents

Running Claude on different projects? Create a separate API key for each.

Work agent

Its own API key for GitHub, AWS, Jira, and Slack

Personal agent

Its own API key for email, social media, and cloud storage

Deploy agent

Its own API key for SSH keys, database creds, and API tokens

Every access is logged

The audit log records which agent accessed which credential, when, and from where.

TIME                 ACTION  ENTRY               ACTOR
2026-03-08 10:23:14  read    github.com          mcp:claude-desktop
2026-03-08 10:23:15  totp    github.com          mcp:claude-desktop
2026-03-08 11:45:02  read    aws-production      mcp:deploy-agent
2026-03-08 14:12:33  search  "database"          mcp:claude-code

Get started

Self-host (free) Hosted ($12/yr)