Safehold
Give your coding agent encrypted, local access to passports, visas, and ID photos without shipping scans to the cloud.
Overview
Safehold is a MCP server for the Ship phase that serves a local, encrypted vault of passports, IDs, visas, and photos with builder-controlled access.
What is this MCP server?
- Local-only encrypted vault for passports, national IDs, visas, and photo attachments
- stdio MCP server (npm package safehold v1.2.0) for Claude Code, Cursor, and other MCP clients
- You control which tools and sessions can read vault entries—no default cloud sync
- Designed for builders who need KYC, travel, or onboarding flows without pasting PII into chat logs
- Server version 1.2.0
- npm registry package identifier safehold
- Transport: stdio
What problem does it solve?
You need your agent to work with real identity documents without leaking scans into cloud LLM logs or random folders on disk.
Who is it for?
Indie builders shipping travel, relocation, or KYC-adjacent products who want MCP-native PII handling on their own machine.
Skip if: Teams that require a hosted, multi-user document DAM with enterprise SSO—Safehold is personal/local-first, not a shared compliance platform.
What do I get? / Deliverables
Sensitive IDs stay encrypted locally while your agent retrieves only what you authorize through stdio MCP tools.
- Registered stdio MCP server for Safehold
- Agent tools that read/write vault entries instead of raw uploads
- Documented access policy for which sessions may touch IDs
Recommended MCP Servers
Journey fit
Identity and travel documents are highest-risk data; the canonical shelf is Ship → Security where solo builders harden how agents handle sensitive assets before production. A local vault with explicit access control maps directly to secrets handling and document safety during launch prep and compliance-minded shipping.
How it compares
Encrypted local document MCP integration, not a generic password manager skill or cloud ID-verification API.
Common Questions / FAQ
Who is Safehold for?
Solo builders and small teams using MCP agents who must reference passports, visas, or ID photos during development without uploading them to the cloud.
When should I use Safehold?
Use it when you are in Ship or late Build and need structured, access-controlled agent reads of identity documents instead of ad-hoc file attachments.
How do I add Safehold to my agent?
Install the npm package safehold (v1.2.0), add a stdio MCP server entry pointing at that binary in Claude Code or Cursor, then grant tool access only for workflows that need vault data.