Open source · MIT
One binary. No Docker. No Postgres. No Redis. Runs anywhere Go runs. You'll need a server with a public IP, DNS, and TLS if you want access from outside your network.
The install script detects your OS and architecture, downloads the latest release, and puts it in your PATH.
Or download directly:
The vault key encrypts your Agent field data at rest. If you lose this key, Agent field data cannot be recovered.
A SQLite database is created automatically in ~/.clavitor/.
Point your AI assistant at the vault. Works with Claude Code, Cursor, Codex, or any MCP-compatible client.
~/.claude/mcp.json
{
  "mcpServers": {
    "clavitor": {
      "url": "http://localhost:1984/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_MCP_TOKEN"
      }
    }
  }
}
Generate an MCP token from the web UI at http://localhost:1984 after first run.
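A check for the client config above, added here as an example and not part of clavitor: it flags a config file accessible to other local users, a placeholder token left in place, and a bearer token sent over plain http to a non-loopback host. The function names and sample values are constructed for illustration.

```python
import json
import os
import stat
import tempfile
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_mcp_config(path):
    """Return a list of findings for an MCP client config file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        findings.append(f"{path}: mode {mode:03o} gives group/other access to the bearer token")
    with open(path, encoding="utf-8") as fh:
        servers = json.load(fh).get("mcpServers", {})
    for name, entry in servers.items():
        url = urlparse(entry.get("url", ""))
        auth = entry.get("headers", {}).get("Authorization", "")
        token = auth[len("Bearer "):].strip() if auth.startswith("Bearer ") else ""
        if not token:
            findings.append(f"{name}: no bearer token configured")
        elif token == "YOUR_MCP_TOKEN":
            findings.append(f"{name}: placeholder token was never replaced")
        # Plain http is acceptable only when the request never leaves this host.
        if url.scheme == "http" and url.hostname not in LOOPBACK:
            findings.append(f"{name}: token sent in cleartext to {url.hostname}; use https")
    return findings

def write_sample(url, token, mode):
    """Write a constructed sample config (not a real token) and return its path."""
    cfg = {"mcpServers": {"clavitor": {
        "url": url, "headers": {"Authorization": f"Bearer {token}"}}}}
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(cfg, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    # Constructed worst case: remote host over http, placeholder token, mode 644.
    sample = write_sample("http://vault.yourdomain.com/mcp", "YOUR_MCP_TOKEN", 0o644)
    for finding in audit_mcp_config(sample):
        print(finding)
    os.remove(sample)
```

To check a real client, call audit_mcp_config on the expanded path of ~/.claude/mcp.json.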
The LLM classifier automatically suggests Agent/Sealed assignments for each field. Review and confirm in the web UI.
For always-on availability, run clavitor as a systemd service.
/etc/systemd/system/clavitor.service
[Unit]
Description=clavitor
After=network.target

[Service]
Type=simple
User=clavitor
EnvironmentFile=/etc/clavitor/env
ExecStart=/usr/local/bin/clavitor
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
Put clavitor behind Caddy for TLS and remote access.
Caddyfile
vault.yourdomain.com {
    reverse_proxy localhost:1984
}
Same vault, same features. We handle updates, backups, and TLS. $20 $12/yr.