Skip to main content
Agent Vault is an agent-first, open source proxy and secrets management vault by Infisical that sits between agents and the APIs they call. Check out the GitHub repository. Agents route HTTP requests through an Agent Vault server, which reconstructs each request with the right set of authentication credentials, before forwarding it to the target service.
Agent Vault architecture diagram

Why Agent Vault

Traditional credential management solutions return credentials directly to the end users of that solution. This is not suitable for agents because they are non-deterministic and vulnerable to prompt injection. This implies that an attacker could craft a malicious prompt and exfiltrate credentials from an agent back to the attacker. Enter Agent Vault - a new credential management solution built for agents that prevents credential exfiltration with ergonomic, agent-first design.

How it works

  1. Your agent calls /discover to see which services are available in the vault.
  2. If a service isn’t listed, the agent raises a proposal requesting access.
  3. You review and approve in the browser, pasting in the API key.
  4. The agent retries through the proxy — Agent Vault attaches the real credentials and forwards to the target API.
The agent never sees or handles your secrets. Learn more about vaults, services, proposals, and agents.

Get started

Installation

Install Agent Vault, start a server, and register.

Your first proposal

See Agent Vault in action in under 2 minutes.

Quickstart

Claude Code

Connect Claude Code to Agent Vault.

Cursor

Connect Cursor to Agent Vault.

Codex

Connect Codex to Agent Vault.

OpenClaw

Connect OpenClaw to Agent Vault.

NanoClaw

Connect NanoClaw to Agent Vault.

Hermes Agent

Connect Hermes Agent to Agent Vault.

Custom Agent

Connect any HTTP-capable agent.