Skip to main content

Prerequisites

  • A running Agent Vault instance on a separate host from where Cursor runs (see installation guide).
  • Cursor installed.
  • An agent token from Agent Vault (create one under Agents → Add agent).
Install the Agent Vault CLI on the host or in the container image where Cursor runs, and point it at your Agent Vault instance. The CLI bootstraps Cursor’s environment so every outbound API call routes through Agent Vault for credential injection.

1. Install the Agent Vault CLI

Add the agent-vault binary to the environment where Cursor runs.
curl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsSL https://get.agent-vault.dev | sh

2. Set environment variables

The CLI reads these on launch to authenticate with Agent Vault and scope its session to the right vault.
export AGENT_VAULT_ADDR="http://<your-host>:14321"
export AGENT_VAULT_TOKEN="av_agt_xxx"
export AGENT_VAULT_VAULT="<VAULT_NAME>"

3. Run Cursor under agent-vault

agent-vault run launches Cursor’s agent with HTTPS_PROXY and HTTP_PROXY pre-set so both its HTTPS and plain HTTP calls route through Agent Vault for credential injection.
agent-vault run -- agent
agent-vault run also installs an Agent Vault skill at ~/.cursor/skills/agent-vault-cli/SKILL.md that teaches Cursor how to raise proposals when API access is needed. The skill persists across sessions.

Next steps

Agent protocol

Full request lifecycle end-to-end.

Services

Pre-configure services you know the agent will need.