
Server

agent-vault server [flags]
Start the Agent Vault server. Default port is 14321. On a fresh install, generates a random data encryption key (DEK) and optionally wraps it with a master password. Password resolution order: AGENT_VAULT_MASTER_PASSWORD env var, then --password-stdin, then interactive prompt. If no password is provided, runs in passwordless mode (DEK stored unwrapped). The env var is unset from the process immediately after reading.
| Flag | Default | Description |
|---|---|---|
| --host | 127.0.0.1 | Host to bind to |
| --port | 14321 | Port to listen on. Also respects the PORT env var (common on PaaS platforms); the flag takes precedence. |
| -d, --detach | false | Run in background (detached) mode |
| --password-stdin | false | Read master password from stdin |
| --mitm-port | 14322 | Port for the transparent MITM proxy. Enabled by default; set to 0 to disable. On first launch the root CA is created under ~/.agent-vault/ca/; clients fetch it with agent-vault ca fetch. Bind failures are non-fatal. |
| --log-level | info | Log level: info (default) or debug. At debug, emits one structured line per proxied request on stderr covering method, host, path, matched service, injected credential key names, upstream status, and duration. Credential values are never logged. |
Environment variables:
| Variable | Description |
|---|---|
| PORT | Server listen port (default 14321). The --port flag takes precedence. |
| AGENT_VAULT_MASTER_PASSWORD | Derives a KEK that wraps the data encryption key. Omit for passwordless mode. |
| AGENT_VAULT_LOG_LEVEL | Fallback for --log-level when the flag is not set. Accepts info or debug. |
| AGENT_VAULT_ADDR | Externally-reachable base URL (e.g. https://agent-vault.example.com). Used for links in emails, invites, and discovery. Falls back to https://<FLY_APP_NAME>.fly.dev on Fly.io, then http://{host}:{port}. |
| FLY_APP_NAME | Auto-detected on Fly.io. When AGENT_VAULT_ADDR is unset, derives the base URL as https://<FLY_APP_NAME>.fly.dev. |
| AGENT_VAULT_OAUTH_GOOGLE_CLIENT_ID | Google OAuth client ID. When both this and the client secret are set, Google OAuth is enabled. |
| AGENT_VAULT_OAUTH_GOOGLE_CLIENT_SECRET | Google OAuth client secret |
| AGENT_VAULT_SMTP_HOST | SMTP server host. If unset, email notifications are silently disabled. |
| AGENT_VAULT_SMTP_PORT | SMTP server port (default 587) |
| AGENT_VAULT_SMTP_USERNAME | SMTP username |
| AGENT_VAULT_SMTP_PASSWORD | SMTP password |
| AGENT_VAULT_SMTP_FROM | Sender address for outgoing emails |
| AGENT_VAULT_SMTP_FROM_NAME | Sender display name (default Agent Vault) |
| AGENT_VAULT_SMTP_TLS_MODE | TLS mode: opportunistic (default), required, or none |
| AGENT_VAULT_SMTP_TLS_SKIP_VERIFY | Skip TLS certificate verification (default false) |
| AGENT_VAULT_RATELIMIT_PROFILE | Rate-limit profile: default, strict, loose, or off. Affects anonymous auth, token-redeem, proxy, authenticated CRUD, and the global in-flight / RPS ceilings. |
| AGENT_VAULT_RATELIMIT_LOCK | When true, the rate-limit section in the Manage Instance UI is read-only and UI overrides are ignored. Use when you want limits pinned to env vars on PaaS. |
| AGENT_VAULT_RATELIMIT_<TIER>_<KNOB> | Fine-grained per-tier overrides. TIER is one of AUTH, PROXY, AUTHED, GLOBAL; KNOB is one of RATE, BURST, WINDOW, MAX, CONCURRENCY. Env-set knobs always beat UI overrides. |
| AGENT_VAULT_LOGS_MAX_AGE_HOURS | Retention ceiling for the per-vault request log. Default 168 (7 days). Rows older than this are trimmed by a background job every 15 minutes. Only non-secret metadata is stored. |
| AGENT_VAULT_LOGS_MAX_ROWS_PER_VAULT | Per-vault row cap for the request log. Default 10000. Whichever limit (age or rows) fills first wins. Set 0 to disable the cap. |
| AGENT_VAULT_LOGS_RETENTION_LOCK | When true, owner-UI overrides for log retention are ignored and env values (or defaults) are pinned. |
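As an added illustration of the two retention knobs (not code from Agent Vault), the Go block below applies an age ceiling and a per-vault row cap to a constructed set of request-log rows. The `LogRow` fields, `Retention`, `Trim` and `SampleRows` are this example's own names; only non-secret metadata is modelled, matching what the page says is stored.

```go
package main

import (
	"sort"
	"time"
)

// LogRow is one request-log entry. Only non-secret metadata is stored, as the page
// states; this field set is constructed for the example, not Agent Vault's schema.
type LogRow struct {
	ID     int
	At     time.Time
	Method string
	Host   string
	Status int
}

// Retention mirrors AGENT_VAULT_LOGS_MAX_AGE_HOURS and
// AGENT_VAULT_LOGS_MAX_ROWS_PER_VAULT; MaxRows == 0 disables the row cap.
type Retention struct {
	MaxAgeHours int
	MaxRows     int
}

// DefaultRetention is the documented default: 168 hours (7 days) and 10000 rows.
var DefaultRetention = Retention{MaxAgeHours: 168, MaxRows: 10000}

// Trim returns the rows that survive one retention pass at time now, newest first.
// A row is dropped when it is older than the age ceiling or falls outside the newest
// MaxRows rows, so whichever limit fills first wins.
func Trim(rows []LogRow, r Retention, now time.Time) []LogRow {
	cutoff := now.Add(-time.Duration(r.MaxAgeHours) * time.Hour)
	kept := make([]LogRow, 0, len(rows))
	for _, row := range rows {
		if !row.At.Before(cutoff) {
			kept = append(kept, row)
		}
	}
	sort.Slice(kept, func(i, j int) bool { return kept[i].At.After(kept[j].At) })
	if r.MaxRows > 0 && len(kept) > r.MaxRows {
		kept = kept[:r.MaxRows]
	}
	return kept
}

// SampleRows builds a constructed per-vault log with one row per day going back n
// days from now; ID 0 is the newest. Rows are returned oldest first on purpose, so
// Trim's ordering is exercised.
func SampleRows(now time.Time, n int) []LogRow {
	rows := make([]LogRow, 0, n)
	for i := n - 1; i >= 0; i-- {
		rows = append(rows, LogRow{ID: i, At: now.Add(-time.Duration(i) * 24 * time.Hour),
			Method: "GET", Host: "api.stripe.com", Status: 200})
	}
	return rows
}
```

The row cap is applied after the age filter and after sorting newest-first, which is what makes "whichever fills first wins" hold: a tight age limit removes rows before the cap is ever reached, and a small cap removes old rows that the age limit alone would have kept.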
agent-vault server stop
Stop a running server. Reads the PID from ~/.agent-vault/agent-vault.pid and sends SIGTERM.

CA

agent-vault ca fetch [flags]
Fetch the root CA certificate used by Agent Vault’s transparent MITM proxy, in PEM form. Install the output into your client trust store so HTTPS traffic routed through the proxy validates cleanly. The transparent proxy is enabled by default, so this command works out of the box. The endpoint is public — no authentication required. Returns an error only if the server was started with --mitm-port 0.
| Flag | Default | Description |
|---|---|---|
| -o, --output | | Write PEM to file instead of stdout |
| --address | | Server URL |
Examples:
```bash
# Print to stdout
agent-vault ca fetch > ca.pem

# Save directly to a file
agent-vault ca fetch -o /etc/ssl/certs/agent-vault-ca.pem

# Pipe into the macOS system keychain
agent-vault ca fetch | sudo security add-trusted-cert -d -r trustRoot \
    -k /Library/Keychains/System.keychain /dev/stdin
```

Authentication

agent-vault auth register [flags]
Self-signup for a new account. The first user to register becomes the instance owner, is auto-activated, and is granted admin on the default vault. Subsequent users receive a 6-digit email verification code.
| Flag | Default | Description |
|---|---|---|
| --address | | Server URL |
| --email | | Email address |
| --password-stdin | false | Read password from stdin |
agent-vault auth login [flags]
Authenticate with email and password. Prompts interactively by default. Rejects inactive (unverified) accounts.
| Flag | Default | Description |
|---|---|---|
| --address | | Server URL |
| --email | | Email address |
| --password-stdin | false | Read password from stdin |

Account

agent-vault account whoami
Show current user and session info.
agent-vault account change-password [flags]
Change your own password. Prompts interactively for current password, new password, and confirmation. Invalidates all existing sessions and issues a new one.
| Flag | Default | Description |
|---|---|---|
| --password-stdin | false | Read current and new passwords as two lines from stdin |
agent-vault account delete
Permanently delete your own account. Owners cannot delete themselves — transfer ownership first.

Vaults

agent-vault vault create <name>
Create a new vault. Name must be in slug format (lowercase alphanumeric and hyphens).
agent-vault vault list
List vaults the current user has access to.
agent-vault vault delete <name> [flags]
Delete a vault and all its credentials, services, and proposals. Requires vault admin or instance owner role. The default vault cannot be deleted.
| Flag | Default | Description |
|---|---|---|
| --yes | false | Skip confirmation prompt |
agent-vault vault rename <old-name> <new-name>
Rename a vault. Requires vault admin or instance owner role. The default vault cannot be renamed.
agent-vault vault use <name>
Set the active vault for subsequent commands. When set, commands that accept --vault will default to this vault instead of default.
agent-vault vault current
Show the active vault.
agent-vault vault init [flags]
Bind the current directory to a vault by writing an agent-vault.json file. This file is meant to be committed to version control so the whole team shares the vault binding. Vault resolution priority: --vault flag > AGENT_VAULT_VAULT env var > agent-vault.json > user context > "default". Uses an interactive picker if multiple vaults are available. Use --vault to skip the picker.
agent-vault vault discover [flags]
Show available services and credentials for the current vault. Requires a vault-scoped session (via agent-vault vault run or AGENT_VAULT_SESSION_TOKEN + AGENT_VAULT_ADDR env vars).
| Flag | Default | Description |
|---|---|---|
| --json | false | Output response as JSON |
agent-vault vault run [flags] -- <command>
Wrap a process with Agent Vault environment variables. The child process always receives AGENT_VAULT_ADDR, AGENT_VAULT_SESSION_TOKEN, and AGENT_VAULT_VAULT. When the server’s transparent MITM proxy is reachable (default), it also receives HTTPS_PROXY / NO_PROXY / NODE_USE_ENV_PROXY plus CA-trust variables (SSL_CERT_FILE, NODE_EXTRA_CA_CERTS, REQUESTS_CA_BUNDLE, CURL_CA_BUNDLE, GIT_SSL_CAINFO, DENO_CERT) pointing at ~/.agent-vault/mitm-ca.pem, so standard HTTPS clients transparently route through the broker.
| Flag | Default | Description |
|---|---|---|
| --address | | Server address override |
| --role | proxy | Vault role for the session: proxy, member, or admin |
| --ttl | 0 | Session TTL in seconds (300–604800). Default: server default (24h). |
| --no-mitm | false | Skip HTTPS_PROXY/CA env injection; rely solely on the explicit /proxy/{host}/{path} endpoint. |
| --sandbox | process | Sandbox mode for the child: process (default, cooperative) or container (non-cooperative Docker sandbox; see Container sandbox). Also read from AGENT_VAULT_SANDBOX. |
| --image | | Override the bundled container image (--sandbox=container only). |
| --mount | | Extra bind mount src:dst[:ro]; repeatable (--sandbox=container only). Host paths are EvalSymlinks-resolved; reserved paths rejected. |
| --keep | false | Omit --rm from docker run (--sandbox=container only; useful for debugging). |
| --no-firewall | false | Skip the iptables egress lockdown (--sandbox=container only; debug, prints a warning). |
| --home-volume-shared | false | Share /home/claude/.claude across invocations (--sandbox=container only). Default is a per-invocation volume — auth doesn’t persist but concurrent runs can’t corrupt each other. |
agent-vault vault token [flags]
Mint a vault-scoped session token and print it to stdout. Useful when you need a scoped token without wrapping a child process via vault run.
| Flag | Default | Description |
|---|---|---|
| --address | | Server address override |
| --role | proxy | Vault role for the session: proxy, member, or admin |
| --ttl | 0 | Session TTL in seconds (300–604800). Default: server default (24h). |
```bash
# Export token for use in other commands
export AGENT_VAULT_SESSION_TOKEN=$(agent-vault vault token)
export AGENT_VAULT_ADDR=http://localhost:14321
export AGENT_VAULT_VAULT=default

# Mint a short-lived token with member role
agent-vault vault token --vault myproject --role member --ttl 3600
```

Vault users

agent-vault vault user add <email> [flags]
Add an existing instance user to a vault (direct grant, no invite needed).
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
| --role | member | Vault role: admin or member |
agent-vault vault user list [flags]
List members of a vault. Includes pending invite pre-assignments with “pending” status.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
agent-vault vault user remove <email> [flags]
Remove a user from a vault.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
agent-vault vault user set-role <email> [flags]
Change a user’s vault-level role.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
| --role | | Vault role: admin or member (required) |

Users

agent-vault user list
List all users in the instance. Owners see vault memberships; members see email, role, and creation date.
agent-vault user invite <email> [flags]
Invite a user to the Agent Vault instance. Sends an HTML email with an acceptance link if SMTP is configured; always returns the invite_link in the response. Any authenticated user can create invites. Invites optionally pre-assign vault access.
| Flag | Default | Description |
|---|---|---|
| --role | member | Instance role for the invited user: owner or member |
| --vault | | Vault pre-assignment in name:role format (repeatable). Role defaults to member. |
```bash
# Invite with vault pre-assignments
agent-vault user invite alice@example.com --vault default:admin --vault payments:member
```
agent-vault user invite list [flags]
List user invites. Owners see all invites; others see invites they created or with pre-assignments to vaults they admin.
| Flag | Default | Description |
|---|---|---|
| --status | | Filter by status (e.g. pending) |
agent-vault user invite revoke <token_suffix>
Revoke a pending user invite by the last 8 or more characters of the token.

Services

agent-vault vault service list [flags]
Print the current vault services as YAML.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
agent-vault vault service set [flags]
Set the vault services. Without -f, launches an interactive builder that prompts for services, auth configs, and credentials (requires TTY). With -f, replaces the services from a YAML file.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
| -f | | Path to a YAML services file |
agent-vault vault service add [flags]
Add or update a single service (upsert by host). Use -f to upsert services from a YAML file non-destructively (unlike set -f, which replaces all).
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
| -f | | Path to a YAML services file (upsert mode) |
| --host | | Target service host (e.g. api.stripe.com) |
| --description | | Service description |
| --auth-type | | Auth type: bearer, basic, api-key, custom, passthrough |
| --token-key | | Credential key for bearer auth |
| --username-key | | Credential key for basic auth username |
| --password-key | | Credential key for basic auth password |
| --api-key-key | | Credential key for api-key auth |
| --api-key-header | Authorization | Header name for api-key |
| --api-key-prefix | | Prefix for api-key value |
| --disabled | false | Create the service in a disabled state (proxy traffic returns 403 until enabled) |
The passthrough auth type accepts no credential flags; Agent Vault allowlists the host and forwards the client’s request headers unchanged, stripping only hop-by-hop and broker-scoped headers (X-Vault, Proxy-Authorization). New services are enabled by default. Pass --disabled to create the service in a disabled state, or use agent-vault vault service disable <host> after creation.
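The per-host auth types, the passthrough header handling, the 403 for a disabled service, and the debug log line that names injected credential keys but never their values can be shown in one place. The Go block below is an added example, not Agent Vault's proxy code: `Service`, `Forward`, `inject`, `need` and `RequestLog` are names chosen here, the field names mirror the CLI flags above, the hop-by-hop list is the RFC 7230 set, and the `custom` auth type is not modelled because the page does not describe what it does.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"strings"
	"time"
)

// Service is one allowlisted upstream host and how the broker authenticates to it. Field
// names are this example's own; they mirror the --auth-type, --token-key, ... flags.
type Service struct {
	Host         string
	AuthType     string // bearer, basic, api-key or passthrough ("custom" is not described on the page)
	TokenKey     string
	UsernameKey  string
	PasswordKey  string
	APIKeyKey    string
	APIKeyHeader string // empty means Authorization
	APIKeyPrefix string
	Disabled     bool
}

// ErrServiceDisabled is surfaced to the agent as 403 with error code service_disabled.
var ErrServiceDisabled = errors.New("service_disabled")

// stripped is never forwarded: the RFC 7230 hop-by-hop set plus the broker-scoped X-Vault.
var stripped = []string{"Connection", "Keep-Alive", "Proxy-Authenticate", "Proxy-Authorization",
	"TE", "Trailer", "Transfer-Encoding", "Upgrade", "X-Vault"}

// RequestLog is the debug record: credential key names only, so values cannot reach the log.
type RequestLog struct {
	Method, Host, Path, Service string
	InjectedKeys                []string
}

// Line renders one structured stderr line once upstream status and duration are known.
func (r RequestLog) Line(status int, d time.Duration) string {
	return fmt.Sprintf("method=%s host=%s path=%s service=%s injected=%s status=%d duration=%s",
		r.Method, r.Host, r.Path, r.Service, strings.Join(r.InjectedKeys, ","), status, d)
}

// need looks a credential up by key and refuses to inject a missing or empty value.
func need(creds map[string]string, key string) (string, error) {
	if v := creds[key]; v != "" {
		return v, nil
	}
	return "", fmt.Errorf("credential %q is not set in the vault", key)
}

// inject sets the auth header for non-passthrough services and returns the key names used.
func inject(out http.Header, svc *Service, creds map[string]string) ([]string, error) {
	switch svc.AuthType {
	case "passthrough":
		return nil, nil // the client's own headers go through unchanged
	case "bearer":
		tok, err := need(creds, svc.TokenKey)
		if err != nil {
			return nil, err
		}
		out.Set("Authorization", "Bearer "+tok)
		return []string{svc.TokenKey}, nil
	case "basic":
		user, err1 := need(creds, svc.UsernameKey)
		pass, err2 := need(creds, svc.PasswordKey)
		if err := errors.Join(err1, err2); err != nil {
			return nil, err
		}
		out.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(user+":"+pass)))
		return []string{svc.UsernameKey, svc.PasswordKey}, nil
	case "api-key":
		key, err := need(creds, svc.APIKeyKey)
		if err != nil {
			return nil, err
		}
		header := svc.APIKeyHeader
		if header == "" {
			header = "Authorization"
		}
		out.Set(header, svc.APIKeyPrefix+key)
		return []string{svc.APIKeyKey}, nil
	}
	return nil, fmt.Errorf("auth type %q is not handled by this example", svc.AuthType)
}

// Forward builds the outbound header set for one proxied request: unknown hosts and
// disabled services are refused, the stripped set is dropped, then the vault credential is injected.
func Forward(req *http.Request, svc *Service, creds map[string]string) (http.Header, RequestLog, error) {
	if svc == nil {
		return nil, RequestLog{}, fmt.Errorf("host %s is not an allowlisted service", req.URL.Host)
	}
	if svc.Disabled {
		return nil, RequestLog{}, ErrServiceDisabled
	}
	out := req.Header.Clone()
	for _, h := range stripped {
		out.Del(h)
	}
	keys, err := inject(out, svc, creds)
	if err != nil {
		return nil, RequestLog{}, err
	}
	rec := RequestLog{Method: req.Method, Host: req.URL.Host, Path: req.URL.Path, Service: svc.Host, InjectedKeys: keys}
	return out, rec, nil
}
```

Two design points worth noticing: the broker-scoped headers are removed before the auth type is consulted, so a passthrough service can never leak the agent's session token (Proxy-Authorization) or vault selector (X-Vault) upstream; and a missing credential is an error rather than an empty `Bearer ` header, so a misconfigured service fails closed at the broker instead of producing a confusing upstream 401.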
agent-vault vault service enable <host> [flags]
Enable a service so proxy traffic to the host resumes. Idempotent — no error if the service is already enabled.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
agent-vault vault service disable <host> [flags]
Disable a service while preserving its configuration. Agents proxying to the host receive 403 with error code service_disabled until the service is re-enabled. Idempotent.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
agent-vault vault service remove <host> [flags]
Remove a specific service by host. Prompts for confirmation unless --yes is passed.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
| --yes | false | Skip confirmation prompt |
agent-vault vault service clear [flags]
Remove all vault services. Prompts for confirmation unless --yes is passed.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
| --yes | false | Skip confirmation prompt |

Credentials

agent-vault vault credential list [flags]
List credential keys in a vault. Alias: agent-vault vault creds list.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
| --reveal | false | Show decrypted credential values (requires member+ role) |
agent-vault vault credential get <KEY> [flags]
Print the decrypted value of a single credential to stdout. Pipe-friendly. Requires member+ role. Alias: agent-vault vault creds get.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
agent-vault vault credential set <KEY=VALUE> [KEY2=VALUE2 ...] [flags]
Store one or more credentials using KEY=VALUE format. Alias: agent-vault vault creds set.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
agent-vault vault credential delete <KEY> [KEY2 ...] [flags]
Delete one or more credentials. Alias: agent-vault vault creds delete.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |

Proposals

agent-vault vault proposal list [flags]
List proposals for a vault.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
| --status | | Filter by status (e.g. pending) |
agent-vault vault proposal show <number> [flags]
Show details of a proposal.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
agent-vault vault proposal create [flags]
Create a proposal to request services or credentials. Supports two modes: flag-driven (for simple single-service proposals) and JSON file (for complex or multi-service proposals).
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
| -f, --file | | Path to JSON proposal file (use - for stdin) |
| --host | | Target service host (e.g. api.stripe.com) |
| --description | | Service description |
| --auth-type | | Auth type: bearer, basic, api-key, or passthrough |
| --token-key | | Credential key for bearer auth |
| --username-key | | Credential key for basic auth username |
| --password-key | | Credential key for basic auth password |
| --api-key-key | | Credential key for api-key auth |
| --api-key-header | Authorization | Header name for api-key |
| --api-key-prefix | | Prefix for api-key value |
| --credential | | Credential to request: KEY or KEY=description (repeatable) |
| -m, --message | | Proposal message/reason |
| --user-message | | Human-facing explanation for the browser approval page |
| --json | false | Output response as JSON |
```bash
# Flag-driven: request a bearer-auth service with a credential
agent-vault vault proposal create \
  --host api.stripe.com \
  --auth-type bearer \
  --token-key STRIPE_KEY \
  --credential STRIPE_KEY="Stripe secret key" \
  -m "Need Stripe access for payment processing"

# JSON file: complex multi-service proposal
agent-vault vault proposal create -f proposal.json
```
agent-vault vault proposal approve <number> [KEY=VALUE ...] [flags]
Approve and apply a proposal. Requires an active login session. Pass credential values as KEY=VALUE arguments or the command will prompt for any missing credentials.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
| --yes | false | Skip confirmation prompt |
agent-vault vault proposal reject <number> [flags]
Reject a pending proposal. Requires an active login session.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
| --reason | | Rejection reason |
agent-vault vault proposal review [flags]
Interactively walk through all pending proposals. For each proposal you can approve, reject, skip, or quit. Requires an active login session.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |

Agents (instance-level)

agent-vault agent invite <name> [flags]
Create an agent invite and print the onboarding prompt (copies to clipboard). The agent redeems the invite via HTTP and receives an instance-level agent token.
| Flag | Default | Description |
|---|---|---|
| --role | member | Instance-level role: owner or member |
| --vault | | Vault pre-assignment in name:role format (repeatable). Role defaults to proxy. |
| --invite-ttl | 15m | Invite link expiration time (Go duration format) |
| --address | | Agent Vault server address (default: from session) |
| --token-only | false | Output only the raw invite token (for programmatic use) |
```bash
# Invite with vault pre-assignments
agent-vault agent invite my-agent --vault default:proxy --vault payments:member

# Invite as an instance owner
agent-vault agent invite my-agent --role owner --vault default:admin
```
agent-vault agent invite list [flags]
List agent invites.
| Flag | Default | Description |
|---|---|---|
| --status | | Filter by status (e.g. pending) |
agent-vault agent invite revoke <token_suffix>
Revoke a pending invite by the last 8 or more characters of the token.
agent-vault agent list
List all agents across the instance.
agent-vault agent info <name>
Show agent details including vaults, status, and active session count.
agent-vault agent delete <name>
Delete an agent and all its sessions across all vaults.
agent-vault agent rotate <name>
Create a rotation invite to re-issue an agent’s session. The old sessions are invalidated when the agent redeems the new invite.
agent-vault agent rename <name> <new-name>
Rename an agent. Keeps the same vault access.
agent-vault agent set-role <name> [flags]
Change an agent’s instance-level role. The last owner (across both users and agents) cannot be demoted.
| Flag | Default | Description |
|---|---|---|
| --role | | Instance role: owner or member (required) |

Agents (vault-level)

agent-vault vault agent list [flags]
List agents in a specific vault.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
agent-vault vault agent add <name> [flags]
Add an existing instance agent to a vault.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
| --role | proxy | Vault role: proxy, member, or admin |
agent-vault vault agent remove <name> [flags]
Remove an agent from a vault.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
agent-vault vault agent set-role <name> [flags]
Change an agent’s vault role.
| Flag | Default | Description |
|---|---|---|
| --vault | default | Target vault |
| --role | | Vault role: proxy, member, or admin (required) |

Owner — users

agent-vault owner user list
List all users on the instance. Owner only.
agent-vault owner user info [email]
View user info and vault memberships. If no email is provided, shows your own info. Owner can view any user; members can only view themselves.
agent-vault owner user remove <email>
Remove a user from the instance. Owner only.
agent-vault owner user set-role <email> [flags]
Change a user’s instance-level role. The last owner cannot be demoted. Owner only.
| Flag | Default | Description |
|---|---|---|
| --role | | Instance role: owner or member (required) |

Owner — vaults

agent-vault owner vault list
List all vaults on the instance. Owner only.
agent-vault owner vault join <name>
Join a vault as admin. Useful for recovering orphaned vaults. Owner only. Returns 409 if already a member.
agent-vault owner vault delete <name>
Delete a vault. Owner only.

Owner — config

agent-vault owner config get
Show current instance settings including invite_only and allowed_email_domains. Owner only.
agent-vault owner config set [flags]
Update instance settings. Owner only.
| Flag | Default | Description |
|---|---|---|
| --invite-only | | Enable or disable invite-only registration (true or false) |
| --allowed-domains | | Comma-separated list of allowed email domains (empty to clear) |

Master password

Manage the master password that wraps the data encryption key (DEK). All commands require the server to be stopped.
agent-vault master-password set
Set a master password on a passwordless instance. Wraps the existing DEK under a new KEK derived from the password. No credentials are re-encrypted.
agent-vault master-password change
Change the master password. Re-wraps the DEK under a new KEK. No credentials are re-encrypted.
agent-vault master-password remove
Remove the master password, switching to passwordless mode. The DEK is stored in plaintext — security depends on filesystem access controls.
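To make the DEK/KEK relationship concrete for both the server's password handling above and the three master-password commands, here is an added Go example; it is not Agent Vault's code. The `KeyFile` layout, PBKDF2-HMAC-SHA256 as the password KDF, AES-256-GCM as the wrapping cipher, and the iteration count are all assumptions of this example, since the page states only that a KEK derived from the password wraps the DEK and that credentials are never re-encrypted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// kdfIters is an example cost only; the page names neither the real KDF nor its parameters.
const keyLen, kdfIters = 32, 100_000

// KeyFile is the on-disk record (layout is this example's own, not Agent Vault's).
type KeyFile struct {
	Wrapped bool
	Salt    []byte // KDF salt, only when Wrapped
	DEK     []byte // raw DEK (passwordless mode) or nonce||AES-GCM ciphertext of it under the KEK
}

// pbkdf2SHA256 is RFC 8018 PBKDF2-HMAC-SHA256 using only the standard library.
func pbkdf2SHA256(password, salt []byte, iters, size int) []byte {
	var out []byte
	for block := uint32(1); len(out) < size; block++ {
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		mac.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iters; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:size]
}

// must panics on error: key sizes are fixed here, and a key store cannot run without entropy.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func randomBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}
func aead(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
// seal returns nonce||ciphertext; open reverses it and fails on a wrong key or any tampering.
func seal(key, plaintext []byte) []byte {
	gcm := aead(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}
func open(key, sealed []byte) ([]byte, error) {
	gcm := aead(key)
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// wrap stores dek as-is when password is empty (passwordless mode), otherwise sealed under a KEK derived from the password and a fresh salt.
func wrap(dek []byte, password string) KeyFile {
	if password == "" {
		return KeyFile{DEK: dek}
	}
	salt := randomBytes(16)
	return KeyFile{Wrapped: true, Salt: salt, DEK: seal(pbkdf2SHA256([]byte(password), salt, kdfIters, keyLen), dek)}
}

// NewKeyFile is the fresh-install path: a random DEK, wrapped only if a password is given.
func NewKeyFile(password string) KeyFile { return wrap(randomBytes(keyLen), password) }

// UnlockDEK recovers the DEK; a wrong password fails GCM authentication.
func (k KeyFile) UnlockDEK(password string) ([]byte, error) {
	if !k.Wrapped {
		return k.DEK, nil
	}
	return open(pbkdf2SHA256([]byte(password), k.Salt, kdfIters, keyLen), k.DEK)
}

// Rewrap is master-password set, change and remove in one: unlock with the old password and
// wrap under the new one (empty removes it). The DEK never changes, so credentials are not re-encrypted.
func (k KeyFile) Rewrap(oldPassword, newPassword string) (KeyFile, error) {
	dek, err := k.UnlockDEK(oldPassword)
	if err != nil {
		return KeyFile{}, err
	}
	return wrap(dek, newPassword), nil
}
```

Credentials are sealed with `seal(dek, value)` and recovered with `open(dek, ciphertext)`; because `Rewrap` only re-seals the DEK and never touches those ciphertexts, set, change and remove all complete in one small write regardless of how many credentials the vault holds. The remove path stores the raw DEK bytes in `KeyFile.DEK`, which is exactly why the page says security then rests on filesystem access controls.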

Utilities

agent-vault catalog [flags]
Browse built-in service templates. No authentication required.
| Flag | Default | Description |
|---|---|---|
| --json | false | Output response as JSON |
| --address | | Server address (default: auto-detect) |
agent-vault owner email test [flags]
Send a test email to verify SMTP configuration. Owner only.
| Flag | Default | Description |
|---|---|---|
| --to | Owner’s email | Recipient email address |
| --address | | Server address override |
agent-vault owner reset [flags]
Permanently delete all data and reset the instance to a fresh state. Requires a running server for role verification. Auto-stops the server before wiping data. Owner only.
| Flag | Default | Description |
|---|---|---|
| --yes | false | Skip confirmation prompt |
agent-vault version
Print the version and build information.

Installer

The install.sh script (curl -fsSL https://get.agent-vault.dev | sh) is not part of the agent-vault binary but reads one environment variable:
| Variable | Default | Description |
|---|---|---|
| AGENT_VAULT_NO_TELEMETRY | (unset) | When set to any non-empty value, skips the anonymous install/upgrade beacon (OS, architecture, version — nothing else). Must be placed in front of sh, not curl: curl -fsSL https://get.agent-vault.dev \| AGENT_VAULT_NO_TELEMETRY=1 sh. |