Skip to main content

Prerequisites

  • A running Agent Vault instance on a separate host from where Claude Code runs (see installation guide).
  • Claude Code installed.
  • An agent token from Agent Vault (create one under Agents → Add agent).
Install the Agent Vault CLI on the host or in the container image where Claude Code runs, and point it at your Agent Vault instance. The CLI bootstraps Claude Code’s environment so every outbound API call routes through Agent Vault for credential injection.

1. Install the Agent Vault CLI

Add the agent-vault binary to the environment where Claude Code runs.
curl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsSL https://get.agent-vault.dev | sh

2. Set environment variables

The CLI reads these on launch to authenticate with Agent Vault and scope its session to the right vault.
export AGENT_VAULT_ADDR="http://<your-host>:14321"
export AGENT_VAULT_TOKEN="av_agt_xxx"
export AGENT_VAULT_VAULT="<VAULT_NAME>"

3. Run Claude Code under agent-vault

agent-vault run launches Claude Code with HTTPS_PROXY and HTTP_PROXY pre-set so both its HTTPS and plain HTTP calls route through Agent Vault for credential injection.
agent-vault run -- claude
agent-vault run also installs a Claude Code skill at ~/.claude/skills/agent-vault-cli/SKILL.md that teaches Claude Code how to raise proposals when API access is needed. The skill persists across sessions.

Next steps

Agent protocol

Full request lifecycle end-to-end.

Services

Pre-configure services you know the agent will need.