Agentvault

Name: Agentvault
Author: bch1212

bch1212/agentvault

Centralize API keys and third-party credentials for coding agents with encryption, spend caps, and audit trails instead of scattering secrets in .env files.

Overview

AgentVault is an MCP server for the Build phase that lets coding agents fetch Fernet-encrypted credentials under per-agent budgets and audit logs.

What is this MCP server?

Fernet-encrypted credential storage exposed to agents via MCP stdio (npm package agentvault-mcp)
Per-agent API keys (avk_) with budget limits to cap runaway tool spend
Audit logging for who used which credential and when
Connects to your AgentVault deployment via AGENTVAULT_API_URL (default Railway production URL)
stdio transport—fits Claude Code, Cursor, and other MCP-capable agents
Server schema version 0.1.0
stdio npm identifier agentvault-mcp
2 required environment variables (AGENTVAULT_API_URL, AGENTVAULT_AGENT_KEY)

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Scattered .env secrets and unlimited agent API access make it easy to leak keys or burn through paid tool quotas in one bad loop.

Who is it for?

Indie builders running multiple MCP-enabled agents against Stripe, OpenAI, or other paid APIs who need per-agent keys and budgets.

Skip if: Teams that only need human SSO for a web app with no agent tool loops, or builders who refuse to run a vault API dependency.

What do I get? / Deliverables

After you register agentvault-mcp with AGENTVAULT_AGENT_KEY and your vault URL, agents pull scoped credentials with spending guardrails and a traceable audit trail.

MCP tools that retrieve encrypted credentials for agent sessions
Per-agent budget enforcement and audit log visibility via vault API
Reduced plaintext secret surface in local agent configs

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

BuildAgent skills & templates

Agent-heavy products need a vault before agents call paid APIs at scale; the canonical shelf is Build because you wire the MCP bridge while configuring agent tooling. agent-tooling is where solo builders attach MCP servers and govern what each agent can spend and access.

How it compares

MCP secrets vault with per-agent budgets, not a local-only .env helper or a generic team password manager.

Common Questions / FAQ

Who is AgentVault for?

Solo and small-team builders who ship AI agents that call external APIs and want encrypted keys, budgets, and audit logs instead of pasting secrets into the IDE.

When should I use AgentVault?

Use it when you are wiring MCP agent tooling and need each agent to have its own avk_ key, Fernet-backed storage, and spend limits before agents hit production traffic.

How do I add AgentVault to my agent?

Install the npm stdio package agentvault-mcp, set AGENTVAULT_API_URL to your vault deployment and AGENTVAULT_AGENT_KEY to your avk_ key, then add the server in Claude Code, Cursor, or another MCP client.

Agentvault

bch1212/agentvault

Centralize API keys and third-party credentials for coding agents with encryption, spend caps, and audit trails instead of scattering secrets in .env files.

Overview

AgentVault is an MCP server for the Build phase that lets coding agents fetch Fernet-encrypted credentials under per-agent budgets and audit logs.

What is this MCP server?

Fernet-encrypted credential storage exposed to agents via MCP stdio (npm package agentvault-mcp)
Per-agent API keys (avk_) with budget limits to cap runaway tool spend
Audit logging for who used which credential and when
Connects to your AgentVault deployment via AGENTVAULT_API_URL (default Railway production URL)
stdio transport—fits Claude Code, Cursor, and other MCP-capable agents
Server schema version 0.1.0
stdio npm identifier agentvault-mcp
2 required environment variables (AGENTVAULT_API_URL, AGENTVAULT_AGENT_KEY)

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Scattered .env secrets and unlimited agent API access make it easy to leak keys or burn through paid tool quotas in one bad loop.

Who is it for?

Indie builders running multiple MCP-enabled agents against Stripe, OpenAI, or other paid APIs who need per-agent keys and budgets.

Skip if: Teams that only need human SSO for a web app with no agent tool loops, or builders who refuse to run a vault API dependency.

What do I get? / Deliverables

After you register agentvault-mcp with AGENTVAULT_AGENT_KEY and your vault URL, agents pull scoped credentials with spending guardrails and a traceable audit trail.

MCP tools that retrieve encrypted credentials for agent sessions
Per-agent budget enforcement and audit log visibility via vault API
Reduced plaintext secret surface in local agent configs

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

BuildAgent skills & templates

How it compares

MCP secrets vault with per-agent budgets, not a local-only .env helper or a generic team password manager.

Common Questions / FAQ

Who is AgentVault for?

Solo and small-team builders who ship AI agents that call external APIs and want encrypted keys, budgets, and audit logs instead of pasting secrets into the IDE.

When should I use AgentVault?

Use it when you are wiring MCP agent tooling and need each agent to have its own avk_ key, Fernet-backed storage, and spend limits before agents hit production traffic.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is AgentVault for?

When should I use AgentVault?

How do I add AgentVault to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is AgentVault for?

When should I use AgentVault?

How do I add AgentVault to my agent?