
Downloads

Get Clavitor on your machine.

The CLI gives your agents scoped access to your vault. The proxy injects credentials into HTTPS requests transparently. Both are single binaries with zero dependencies.

Download

Clavitor CLI

Single binary. Fetch credentials, generate TOTP, store new secrets. Zero dependencies.

Platform                 Size        SHA-256
Linux · amd64            1.5 MB      5535e4db74a25596…
Linux · arm64            1.1 MB      dae2d857b069a596…
macOS · Intel            1.2 MB      10f36f4cc4def5dd…
macOS · Apple Silicon    1.0 MB      001e41f0f109de2e…
Windows · amd64          1.2 MB      f74c6a153593a84b…
Windows · 386            1007.0 KB   5b0872843df993d5…
FreeBSD · amd64          1.3 MB      4f31165579504e64…

Clavitor Proxy

HTTPS proxy that injects credentials into agent requests. WASM crypto, no CGO, zero dependencies.

Platform                 Size        SHA-256
Linux · amd64            13.0 MB     a8a5e028cb015d66…
Linux · arm64            12.2 MB     74bcf39916fd2877…
macOS · Intel            13.2 MB     f945cc2a65359e4d…
macOS · Apple Silicon    12.5 MB     67fd0ea868c9911d…
Windows · amd64          13.3 MB     ed0dcbf0deca7ee0…
Windows · 386            11.4 MB     aa2f79ef7fa6351b…
FreeBSD · amd64          12.9 MB     520688ca62bb33fc…

Download SHA256SUMS · verify with sha256sum -c SHA256SUMS
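
Checking one downloaded binary against SHA256SUMS before making it executable, as an added example that is not part of the original page or of Clavitor's tooling. Plain sha256sum -c SHA256SUMS also reports every listed file you did not download as failed; this function checks a single file and treats a missing entry as a failure. It assumes SHA256SUMS lists bare file names that match the download names.

```shell
# Added example (not Clavitor's code). verify_release SUMS_FILE BINARY
# Exit 0: BINARY is listed in SUMS_FILE and its SHA-256 matches.
# Exit 1: digest mismatch.  Exit 2: unreadable input.  Exit 3: not listed.
verify_release() (
    sums=$1
    bin=$2
    name=${bin##*/}    # SHA256SUMS entries carry bare file names (assumption)

    if [ ! -r "$sums" ] || [ ! -f "$bin" ]; then
        echo "cannot read $sums or $bin" >&2
        exit 2
    fi

    # Line format: "<hex>  <name>" (text mode) or "<hex> *<name>" (binary mode).
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }
    ' "$sums")
    if [ -z "$expected" ]; then
        echo "$name is not listed in $sums" >&2
        exit 3
    fi

    # GNU coreutils ships sha256sum; macOS ships shasum.
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum < "$bin" | awk '{ print $1 }')
    else
        actual=$(shasum -a 256 < "$bin" | awk '{ print $1 }')
    fi

    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH $name: expected $expected, got $actual" >&2
        exit 1
    fi
    echo "OK $name"
)

# Usage, with both files in the current directory:
#   verify_release SHA256SUMS clavitor-proxy-linux-amd64 \
#       && chmod +x clavitor-proxy-linux-amd64
```

A checksum file fetched from the same host detects a corrupted or truncated download; it does not by itself detect a replaced binary if that host is compromised.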

Browser extension

Prefer to fill credentials in the browser? The Clavitor extension drops passwords, passkeys, cards, and one-time codes into the field that actually wants them — while your vault stays remote, with nothing cached or decrypted on your machine.

Available now for Chrome. Firefox and Safari coming soon.

Set up an agent

Two steps. Under a minute from a fresh CLI install to a working agent identity.

1. Create the agent in your vault

In your vault's web UI, go to Agents → New. Name the agent (for example, "Claude Code") and pick which entries it can access. Clavitor returns a setup token — a single string that encodes the vault address, the agent identity, and the encryption key it'll need.

The token is single-use and short-lived (15 minutes by default). Treat it like a password: hand it directly to the machine where the agent runs, then discard.

2. Initialize the CLI on the agent's machine

$ clavitor-cli init <setup-token>

The token is decoded and saved as encrypted local config (~/.config/clavitor/agent.clv by default — file permissions 0600). The original token is consumed and cannot be reused. The next section shows how the agent uses the CLI from this point on.

Set up the proxy

For agents that already speak HTTP/HTTPS — Claude Desktop, custom scripts, anything using requests or fetch. The proxy sits between the agent and the upstream API, resolving clavitor://Entry/field placeholders on the wire so the agent never holds the actual credential. See the proxy architecture page for the threat model and protocol details.

The walkthrough is written conversationally so a human or an AI agent can read it top-to-bottom and execute it on a real machine. Pick your OS below — each section is a self-contained six-step procedure.

Before you start: get a setup token from the vault

You need a setup token from your vault. This is the one part only a human can do — the vault requires a hardware tap to authorize a new agent.

In the vault's web UI, go to Agents → New, name the agent (e.g. "Local Proxy"), pick which entries it can access, and tap your security key when prompted. Clavitor returns a single-use setup token with a 15-minute TTL. Copy it. The rest of the steps below ask you to paste it once and then forget about it.

Linux

The walkthrough below uses bash and assumes you're on x86-64; substitute arm64 for amd64 if you're on aarch64.

1. Download the proxy binary and make it executable. A single self-contained binary, no dependencies:

$ curl -LO https://clavitor.ai/downloads/clavitor-proxy-linux-amd64
$ chmod +x clavitor-proxy-linux-amd64

2. The binary is on disk. Now bind it to your vault. The proxy reads the setup token from stdin (never from the command line, so it doesn't leak into your shell history). Paste the token from "Before you start" when prompted:

$ ./clavitor-proxy-linux-amd64 init
Paste enrollment token, then press Enter:
<paste-the-token-here>
✓ Authenticated.

What just happened: the token was decrypted locally (no network call), the vault address + agent identity + credential-decryption key were written to an encrypted sidecar at ~/.config/clavitor-proxy/agent.clv (mode 0600), and the token itself is now consumed. You don't need it again.

3. Export the proxy's root CA. The proxy is going to terminate every HTTPS connection your agent makes and re-issue a certificate for each upstream host on the fly. Without trusting its root CA, those certificates would fail verification:

$ ./clavitor-proxy-linux-amd64 ca > clavitor-proxy-ca.pem

4. Install the CA into the system trust store. On Debian/Ubuntu and derivatives:

$ sudo cp clavitor-proxy-ca.pem /usr/local/share/ca-certificates/clavitor-proxy-ca.crt
$ sudo update-ca-certificates

update-ca-certificates should print 1 added. From here on, every HTTPS client on the machine (curl, Python's requests, Go's net/http, etc.) accepts the proxy's certificates as legitimate.

5. Start the proxy. It binds to 127.0.0.1:1983 and runs in the foreground; Ctrl-C stops it:

$ ./clavitor-proxy-linux-amd64 serve
clavitor-proxy listening on 127.0.0.1:1983

For a permanent setup, drop a systemd unit pointing at the same binary so it restarts on reboot — see the proxy docs for a reference unit.

6. Point your agent at the proxy and verify end-to-end. In another shell:

$ export HTTPS_PROXY=http://127.0.0.1:1983
$ curl -H "Authorization: Bearer clavitor://OpenAI/key" https://api.openai.com/v1/models

What actually leaves the proxy and reaches OpenAI's servers — the request your agent never sees:

GET /v1/models HTTP/1.1
Host: api.openai.com
Authorization: Bearer sk-proj-abc123def456ghi789…    ← real key, injected by the proxy
User-Agent: curl/8.4.0

If you get back a JSON response from OpenAI, everything is wired up. The proxy resolved clavitor://OpenAI/key against the vault using the credential-decryption key from step 2, substituted the real key into the Authorization header, and forwarded the request upstream. Your agent code holds only the placeholder; the real key never leaves the proxy's process memory.
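
An audit of the agent side of this arrangement, as an added example that is not Clavitor code: it lists every clavitor:// placeholder found in the agent's scripts, which is the set of entries the agent needs in its vault scope, and flags any Bearer value that is still a literal credential. The Entry/field grammar used here (no slash, whitespace or quote inside Entry) and the file names in the usage line are assumptions.

```shell
# Added example (not Clavitor's code). audit_placeholders FILE...
# Prints "REF <Entry>/<field>" once per distinct clavitor:// placeholder and
# "RAW <file>:<line>" for each Bearer value that is a literal, not a placeholder.
# Exit status is 1 if any RAW finding exists, otherwise 0.
audit_placeholders() {
    awk -v q="'" '
    BEGIN {
        raw = 0
        stop = "[^ \t\"" q "]"                              # a value ends at space or quote
        ref_re = "clavitor://[^/ \t\"" q "]+/" stop "+"     # assumed grammar: Entry/field
        bearer_re = "Bearer[ \t]+" stop "+"
    }
    {
        rest = $0
        while (match(rest, ref_re)) {
            ref = substr(rest, RSTART + 11, RLENGTH - 11)   # drop "clavitor://"
            if (!(ref in seen)) { seen[ref] = 1; print "REF " ref }
            rest = substr(rest, RSTART + RLENGTH)
        }
        if (match($0, bearer_re)) {
            tok = substr($0, RSTART, RLENGTH)
            sub(/^Bearer[ \t]+/, "", tok)
            # Skip placeholders and variable references such as $KEY, ${KEY}, {key}, <key>.
            if (index(tok, "clavitor://") != 1 && tok !~ /^[$<{]/) {
                print "RAW " FILENAME ":" FNR
                raw = 1
            }
        }
    }
    END { exit raw }
    ' "$@"
}

# Usage (hypothetical file names):
#   audit_placeholders agent.py run.sh
```

Compare the REF lines with the entries granted to the agent under Agents → New; a RAW line marks a credential that has not yet been moved behind the proxy.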

macOS

The walkthrough below uses zsh (the default shell on macOS) and assumes Apple Silicon; substitute amd64 for arm64 if you're on an Intel Mac.

1. Download the proxy binary and make it executable. A single self-contained binary, no dependencies:

$ curl -LO https://clavitor.ai/downloads/clavitor-proxy-darwin-arm64
$ chmod +x clavitor-proxy-darwin-arm64

If macOS Gatekeeper refuses to run the binary the first time, right-click it in Finder, choose Open, and confirm — that registers the exception. After that the command-line invocation works.

2. The binary is on disk. Now bind it to your vault. The proxy reads the setup token from stdin (never from the command line, so it doesn't leak into your shell history). Paste the token from "Before you start" when prompted:

$ ./clavitor-proxy-darwin-arm64 init
Paste enrollment token, then press Enter:
<paste-the-token-here>
✓ Authenticated.

What just happened: the token was decrypted locally (no network call), the vault address + agent identity + credential-decryption key were written to an encrypted sidecar at ~/.config/clavitor-proxy/agent.clv (mode 0600), and the token itself is now consumed. You don't need it again.

3. Export the proxy's root CA. The proxy is going to terminate every HTTPS connection your agent makes and re-issue a certificate for each upstream host on the fly. Without trusting its root CA, those certificates would fail verification:

$ ./clavitor-proxy-darwin-arm64 ca > clavitor-proxy-ca.pem

4. Install the CA into the System Keychain. One command, asks for your sudo password:

$ sudo security add-trusted-cert -d -r trustRoot \
    -k /Library/Keychains/System.keychain clavitor-proxy-ca.pem

After this, Safari, curl, Swift, Python, Go, and most other HTTPS clients on the machine accept the proxy's certificates. (A small number of language runtimes ship their own trust bundle and need separate configuration — you'll see a cert error if so.)

5. Start the proxy. It binds to 127.0.0.1:1983 and runs in the foreground; Ctrl-C stops it:

$ ./clavitor-proxy-darwin-arm64 serve
clavitor-proxy listening on 127.0.0.1:1983

For a permanent setup, install it as a launchd agent so it starts at login and restarts on crash.

6. Point your agent at the proxy and verify end-to-end. In another shell:

$ export HTTPS_PROXY=http://127.0.0.1:1983
$ curl -H "Authorization: Bearer clavitor://OpenAI/key" https://api.openai.com/v1/models

What actually leaves the proxy and reaches OpenAI's servers — the request your agent never sees:

GET /v1/models HTTP/1.1
Host: api.openai.com
Authorization: Bearer sk-proj-abc123def456ghi789…    ← real key, injected by the proxy
User-Agent: curl/8.4.0

If you get back a JSON response from OpenAI, everything is wired up. The proxy resolved clavitor://OpenAI/key against the vault using the credential-decryption key from step 2, substituted the real key into the Authorization header, and forwarded the request upstream. Your agent code holds only the placeholder; the real key never leaves the proxy's process memory.

Windows

The walkthrough below uses PowerShell and assumes 64-bit Windows; substitute windows-386.exe for windows-amd64.exe if you're on 32-bit.

1. Download the proxy binary. A single self-contained .exe, no dependencies:

> Invoke-WebRequest https://clavitor.ai/downloads/clavitor-proxy-windows-amd64.exe `
    -OutFile clavitor-proxy.exe

Windows SmartScreen may show a warning the first time you run an unsigned binary — click More info → Run anyway to permit it.

2. The binary is on disk. Now bind it to your vault. The proxy reads the setup token from stdin (never from the command line, so it doesn't leak into your PowerShell history). Paste the token from "Before you start" when prompted:

> .\clavitor-proxy.exe init
Paste enrollment token, then press Enter:
<paste-the-token-here>
✓ Authenticated.

What just happened: the token was decrypted locally (no network call), the vault address + agent identity + credential-decryption key were written to an encrypted sidecar at %APPDATA%\clavitor-proxy\agent.clv, and the token itself is now consumed. You don't need it again.

3. Export the proxy's root CA. The proxy is going to terminate every HTTPS connection your agent makes and re-issue a certificate for each upstream host on the fly. Without trusting its root CA, those certificates would fail verification:

> .\clavitor-proxy.exe ca > clavitor-proxy-ca.pem

4. Install the CA into the Local Machine Trusted Root store. Open an elevated PowerShell (Right-click PowerShell → Run as Administrator) and run:

> certutil -addstore -f "ROOT" clavitor-proxy-ca.pem

After this, Edge, .NET, curl.exe, and most HTTP clients on the machine accept the proxy's certificates. (Firefox maintains its own trust store; if you're testing through Firefox, import the CA separately under Settings → Privacy & Security → Certificates → View Certificates → Authorities → Import.)

5. Start the proxy. It binds to 127.0.0.1:1983 and runs in the foreground; Ctrl-C stops it:

> .\clavitor-proxy.exe serve
clavitor-proxy listening on 127.0.0.1:1983

For a permanent setup, register it as a Windows service or scheduled task so it starts at boot.

6. Point your agent at the proxy and verify end-to-end. In another PowerShell window:

> $env:HTTPS_PROXY = "http://127.0.0.1:1983"
> curl.exe -H "Authorization: Bearer clavitor://OpenAI/key" `
    https://api.openai.com/v1/models

(Use curl.exe explicitly — PowerShell's curl alias points to Invoke-WebRequest, which handles the proxy environment variable differently.) What actually leaves the proxy and reaches OpenAI's servers — the request your agent never sees:

GET /v1/models HTTP/1.1
Host: api.openai.com
Authorization: Bearer sk-proj-abc123def456ghi789…    ← real key, injected by the proxy
User-Agent: curl/8.4.0

If you get back a JSON response from OpenAI, everything is wired up. The proxy resolved clavitor://OpenAI/key against the vault using the credential-decryption key from step 2, substituted the real key into the Authorization header, and forwarded the request upstream. Your agent code holds only the placeholder; the real key never leaves the proxy's process memory.

Install the Claude Code skill

The CLI ships with a built-in skill definition that teaches Claude Code how to use your vault. One command installs it.

# Install globally (all projects)
$ clavitor-cli skill > ~/.claude/skills/clavitor.md

# Or install for a specific project
$ clavitor-cli skill > /path/to/project/.claude/skills/clavitor.md

The skill is embedded in the binary. Update it by downloading a new release.

Use it

Your agent can now fetch credentials, generate TOTP codes, and store new secrets. Every access is logged in the vault's audit trail.

# Fetch a credential
$ clavitor-cli get github

# Generate a TOTP code
$ clavitor-cli totp github

# Store a new credential
$ clavitor-cli put credential "AWS Prod" --username admin --password s3cret

# List all entries
$ clavitor-cli list

One CLI call. Every secret.

Your vault, your scopes, your audit trail. No env vars, no config files, no secrets in logs.