
The credential vault built for AI agents —
and against them.

Software signs in more than people do now. Every agent, every script, every pipeline needs a credential — and most of them get the whole keyring. Clavitor is the vault built for that reality: encrypted to your hardware, scoped per agent, auditable by event. Your AI never sees the secret it just used. Neither do we.

ENCRYPTION

We can't read your data

Identity fields are encrypted with keys derived from your device. The key never exists on any server. Math, not policy.

NETWORK

21 regions, 6 continents

Pick your region. Cross-hemisphere fail-over is automatic. 99.99% SLA on reads.

RESILIENCE

Engineered to keep working

We asked what happens when each layer fails — cloud, DNS, registrar, email, our own software. The answer for every layer is that the vault keeps serving. See the list →

PRICING

Built like infrastructure

Priced like a password manager. Same rate as the tool you'd replace — and it does the work three of your tools were pretending to.

Global footprint

Your vault. Wherever you are.

Cross-hemisphere fail-over is automatic.

21 Regions
6 Continents
<60ms Almost everywhere
99.99% SLA on reads
See latency from your location →

The problem

Your credentials are exposed.

Three ways secrets leak in the age of AI agents. All of them are normal. All of them are broken.

.env files with 40 API keys

Your agent reads environment variables. Every key, every secret, every token — sitting in plaintext on the same filesystem the agent has shell access to.

Browser passwords aren't private

Chrome, Firefox, Safari — they all decrypt your passwords when the OS session is unlocked. Any process with user-level access can read them. So can any agent.

Agents see everything or nothing

Your agent needs your GitHub token. It shouldn't also see your passport number. Today's vaults give it access to both — or neither.

Clavitor fixes all three. Credentials at arm's length. Scoped per agent. Encrypted with your device.

How it feels

Four surfaces. One vault.

Each one designed for a different moment. All pointing at the same encrypted store.

Your agent deploys. You didn't touch anything.

The agent calls the CLI, gets the credential, deploys. No .env file. No copy-paste. No secrets in logs. The vault is remote — the agent can't bypass it.

You land on a login page. It's already filled.

LLM-powered field mapping. No content scripts injected into pages. No desktop app dependency. Tap your fingerprint, done.

You need your card number at dinner.

Face ID or fingerprint. Your card number appears. Encrypted with your fingerprint or security key — even Clavitor's servers can't see it.

Your CI pipeline authenticates. No secrets in the repo.

The HTTPS proxy injects credentials into requests transparently. The secret never touches the agent's memory, logs, or context window.

Built for everyone

From your first password to your fiftieth team.

One product, three ways to use it. Same vault, same encryption, same fingerprint.

For you and your family

Every password, every card, every recovery code — in one place that follows you across phone, laptop, and tablet. Share with family without texting.

  • Browser extension and mobile apps
  • Cards and identity hidden behind your fingerprint
  • Free for 10 entries, $1/mo unlimited
Personal & Family

For your team

Stop sharing passwords in Slack. Give every employee their own scoped access. Onboard new hires in seconds, offboard them in one click.

  • Per-user vaults with shared groups
  • Auto-rotation when someone leaves
  • Audit log of every credential access
Teams of 10 to 500

For your organization

SCIM, SIEM, centralized audit, regional residency, and a real SLA with compensation. Field-level encryption that satisfies compliance, not just policy.

  • SCIM directory sync & SAML SSO
  • SIEM integration & centralized audit
  • Regional residency & 99.99% SLA
500+ users

Trust, evidenced

Every access, logged. Every log, encrypted.

A credential vault is only as trustworthy as the record of who used it. Clavitor records every credential read, every TOTP request, every agent action — with actor identity, source IP, action, and timestamp. The log itself is encrypted at rest using the same field-level scheme as the credentials it tracks. Only the event id, entry id, and timestamp stay in plaintext — exactly what queries need, and nothing else.

Every event is tagged with actor type — human, browser extension, or AI agent — so AI activity stands apart from human activity on the same line. Filter by actor, entry, action, or date range in the vault UI. Enterprise plans add cross-vault export to your SIEM.

CMMC LEVEL 2

Audit and accountability evidence

NIST SP 800-171 audit-and-accountability controls (3.3.1 — record what's needed, 3.3.2 — link to identity, 3.3.8 — protect log integrity) need per-event identity, IP, and timestamp, stored protected. Clavitor records all three and encrypts the log alongside.

SOC 2 · ISO 27001

Monitoring evidence on tap

Trust Services criterion CC7.2 and ISO/IEC 27001 A.8.15 ask for logs of authentication and privileged actions. Every credential access in Clavitor is one such event — actor-typed, encrypted, queryable, exportable.

HIPAA · GDPR

Accountability, on demand

HIPAA §164.312(b) audit controls and GDPR Article 32 accountability obligations are answered by the same log. No separate compliance module, no add-on fee — the audit log is part of the product.

The audit log is not a feature stitched on the side. It is the proof. Without it, every claim about access control is policy. With it, claims become evidence.

The standard

Ten rules. Count how many your tool keeps.

We wrote down the rules a credential system should be built on — technical, testable, pass/fail. Most of the industry keeps fewer than half. Hold any tool against them, including ours.

Lose a device. Don't lose your vault.

Your vault's identity tier is encrypted with keys derived from your hardware — Touch ID, Face ID, YubiKey. We never see those keys. Two layers of safety net keep you in.

Enroll multiple devices

The same vault key, registered against your laptop, your phone, and a YubiKey in a drawer. Any one of them unlocks the vault. Lose your laptop — still got the phone. Lose both — still got the YubiKey.

Set up recovery (2 min)

Split-knowledge code on your side, a recovery anchor on ours. Neither alone unlocks anything. Recovery flows through a real Zoom call with human verification you set up — not an email-reset link that's only as strong as your inbox.

We can't decrypt your vault. We also can't lock you out of it. How recovery actually works →

# Initialize the agent (one-time, token from web UI)
$ clavitor-cli init <setup-token>

# Fetch any credential your agent is scoped to
$ clavitor-cli get "Vercel" --field token
tV3r_a8f3kN9...

Use it free, forever.

10 entries, one vault, one agent. Full encryption. Same infrastructure as paid plans. Upgrade only if you need more.