Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.agent-vault.dev/llms.txt

Use this file to discover all available pages before exploring further.

Agent Vault is an agent-first, open source proxy and secrets management vault by Infisical that sits between agents and the APIs they call. Check out the GitHub repository. Agents route HTTP requests through an Agent Vault server, which reconstructs each request with the right set of authentication credentials, before forwarding it to the target service.
Agent Vault architecture diagram

Why Agent Vault

Traditional credential management solutions return credentials directly to the end users of that solution. This is not suitable for agents because they are non-deterministic and vulnerable to prompt injection. This implies that an attacker could craft a malicious prompt and exfiltrate credentials from an agent back to the attacker. Enter Agent Vault - a new credential management solution built for agents that prevents credential exfiltration with ergonomic, agent-first design.

How it works

  1. You point the agent at Agent Vault by setting HTTPS_PROXY and trusting the Agent Vault CA certificate.
  2. The agent makes API calls the way it normally would — direct fetch, a vendor SDK, a CLI like gh or stripe, or an MCP server. All outbound HTTPS transparently routes through the Agent Vault proxy.
  3. Agent Vault matches the target host against the services in the vault, injects the stored credential into the auth header for that service, and forwards the request upstream with the agent’s other headers intact.
  4. If no service matches the host, the agent can raise a proposal requesting access. You review and approve in the browser, pasting in the API key, and the next request succeeds.
The agent never sees or handles your secrets. Learn more about vaults, services, proposals, and agents.

Get started

Installation

Install Agent Vault, start a server, and register.

Your first proposal

See Agent Vault in action in under 2 minutes.

Quickstart

Claude Code

Connect Claude Code to Agent Vault.

Cursor

Connect Cursor to Agent Vault.

Codex

Connect Codex to Agent Vault.

OpenClaw

Connect OpenClaw to Agent Vault.

NanoClaw

Connect NanoClaw to Agent Vault.

Hermes Agent

Connect Hermes Agent to Agent Vault.

OpenCode

Connect OpenCode to Agent Vault.

Custom Agent

Connect any HTTP-capable agent.