Skip to main content
Running Hermes on a remote VPS instead of your laptop? Follow Run Hermes on a VPS. It covers the same brokering pattern as a two-VPS deployment with systemd, a Telegram bot, and an optional egress firewall.

Prerequisites

  • A running Agent Vault instance on a separate host from where Hermes Agent runs (see installation guide).
  • Hermes Agent installed.
  • An agent token from Agent Vault (create one under Agents → Add agent).
Install the Agent Vault CLI on the host or in the container image where Hermes Agent runs, and point it at your Agent Vault instance. The CLI bootstraps Hermes Agent’s environment so every outbound API call routes through Agent Vault for credential injection.

1. Install the Agent Vault CLI

Add the agent-vault binary to the environment where Hermes Agent runs.
curl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsSL https://get.agent-vault.dev | sh

2. Set environment variables

The CLI reads these on launch to authenticate with Agent Vault and scope its session to the right vault.
export AGENT_VAULT_ADDR="http://<your-host>:14321"
export AGENT_VAULT_TOKEN="av_agt_xxx"
export AGENT_VAULT_VAULT="<VAULT_NAME>"

3. Run Hermes Agent under agent-vault

agent-vault run launches Hermes Agent with HTTPS_PROXY and HTTP_PROXY pre-set so both its HTTPS and plain HTTP calls route through Agent Vault for credential injection.
agent-vault run -- hermes
agent-vault run also installs an Agent Vault skill at ~/.hermes/skills/agent-vault-cli/SKILL.md that teaches Hermes Agent how to raise proposals when API access is needed. The skill persists across sessions.

Next steps

Run Hermes on a VPS

Production pattern with brokered credentials on a separate host.

Agent protocol

Full request lifecycle end-to-end.

Services

Pre-configure services you know the agent will need.