Blog Lançamentos Problemas Documentos Download Status Looking Glass Falar com Vendas
Rede Resiliência Recuperação Segurança Cofre Imutável Auditoria com evidência de adulteração Preços
Desenvolvedores
Visão geral do desenvolvedorCLI, SDKs, webhooks InfraestruturaDocker, K8s, Terraform, CI/CD. Agentes de IAClaude Code, Codex, Cursor, Hermes, OpenClaw. Ferramentas MSPDatto, NinjaOne, ConnectWise, N-able. Extensão de navegadorPreenchimento automático, login baseado em dispositivo, gerador Aplicativos móveisiOS e Android nativos Claude CodeTokens com âmbito limitado CodexIntegração OpenAI CursorModo agente Hermes AgentAgente Hermes da Nous Research OpenClawResolvedor de agente ImportarDe qualquer gerenciador de senhas
Recursos
Blog Lançamentos Problemas Documentos Download Status Looking Glass Falar com Vendas
Soluções
Consumidor SMB Enterprise MSP
Idioma
🇺🇸 English 🇮🇩 Bahasa Indonesia 🇩🇰 Dansk 🇩🇪 Deutsch 🇪🇸 Español 🇫🇷 Français 🇮🇹 Italiano 🇳🇱 Nederlands 🇳🇴 Norsk 🇵🇱 Polski 🇧🇷 Português 🇫🇮 Suomi 🇸🇪 Svenska 🇻🇳 Tiếng Việt 🇹🇷 Türkçe 🇷🇺 Русский 🇺🇦 Українська 🇮🇳 हिन्दी 🇹🇭 ไทย 🇨🇳 中文 🇯🇵 日本語 🇰🇷 한국어
Entrar Obtenha gratuitamente para sempre Comece

Agentes de IA

Every agent. Scoped access.
Full audit trail.

Each agent gets its own token, its own scopes, its own rate limits. The vault logs every credential access. Agents that access too many distinct credentials are automatically locked.

How agent access works

Your vault issues scoped tokens — each token grants access to specific entries. The agent can fetch what it's been named to and cannot discover what it hasn't. There is no agent-facing endpoint that returns a list of credentials. No search, no browse, no enumerate.

Every access is logged with the agent identity, the credential accessed, the timestamp, and the source IP. Rate limits enforce three unique credentials per minute and ten per hour. A second violation within two hours triggers a hard lockdown — the agent is frozen until you unlock it with your hardware key.

# One-time setup — paste the scoped token at the prompt, or pipe it in
$ echo "$CLAVITOR_TOKEN" | clavitor-cli init

# The agent can now fetch credentials within its scope
$ clavitor-cli get "GitHub Deploy" --field password
$ clavitor-cli totp "GitHub"
847203

# Anything outside scope is refused
$ clavitor-cli get "Stripe API" --field key
clavitor-cli: CV-2041: Access denied.

Agent integrations

Claude Code

# One-time setup; the skill is installed on first init
$ echo "$CLAVITOR_TOKEN" | clavitor-cli init

# Claude Code can now:
#   "get me the AWS credentials"
#   "what's the GitHub deploy token?"
#   "store this API key as 'Stripe Prod'"

The installed skill enforces guardrails: one credential at a time, no bulk enumeration, secrets never echoed to conversation output.

Codex (OpenAI)

# Codex uses the HTTPS proxy — no API key in the environment
$ export HTTPS_PROXY=http://localhost:1983
$ codex

O proxy resolve referências clavitor:// em cabeçalhos de requisição de saída. A chave nunca entra na memória ou nos logs do Codex.

OpenClaw

Replace hardcoded API keys in openclaw.json with vault references:

{
  "providers": {
    "openrouter": {
      "apiKey": "clavitor://OpenRouter API/key"
    },
    "fireworks": {
      "apiKey": "clavitor://Fireworks.ai/key"
    }
  },
  "channels": {
    "discord": {
      "accounts": {
        "main": { "token": "clavitor://Discord Bot/token" }
      }
    }
  }
}
# Start with resolved config
$ clavitor-cli render openclaw.json | openclaw start --config -

Hermes

# Initialize with a scoped token (stdin keeps the secret out of argv)
$ echo "$CLAVITOR_TOKEN" | clavitor-cli init

# Hermes resolves credentials via the CLI skill,
# or through the proxy for API calls
$ export HTTPS_PROXY=http://localhost:1983
$ hermes start

Cursor / Windsurf / Aider

Any agent that runs shell commands. Add to project instructions:

# "Use clavitor-cli to retrieve secrets. Never ask the user for passwords."

CrewAI / LangChain / AutoGen

import subprocess

def get_secret(name, field="password"):
    return subprocess.check_output(
        ["clavitor-cli", "get", name, "--field", field]
    ).decode().strip()

# Use inline — don't store in a variable longer than needed
client = OpenAI(api_key=get_secret("OpenRouter API", "key"))

n8n / Make / Zapier

Use the HTTPS proxy for HTTP-based integrations — credentials are resolved transparently from request headers:

$ export HTTPS_PROXY=http://localhost:1983
$ curl -H "Authorization: Bearer clavitor://Stripe API/key" \
  https://api.stripe.com/v1/charges

Multi-agent setups

Running multiple agents on different projects? Create a separate agent for each. Every agent gets its own scope, its own rate limits, its own audit trail.

Agente de trabalho

Com escopo para credenciais GitHub, AWS, Jira e Slack

Agente pessoal

Com escopo para e-mail, mídias sociais e armazenamento em nuvem

Agente de implantação

Com escopo para chaves SSH, credenciais de banco de dados e tokens de API

Todo acesso é registrado

O registro de auditoria grava qual agente acessou qual credencial, quando e de onde.

# TIME                 ACTION    ENTRY               ACTOR
2026-03-08 10:23:14  read      github.com          cli:claude-code
2026-03-08 10:23:15  fill      github.com          cli:claude-code
2026-03-08 11:45:02  read      aws-production      cli:deploy-agent
2026-03-08 14:12:33  ai_read   openrouter.com      cli:codex

Your agents are already using credentials.
Start protecting them.

Scoped tokens. Per-agent audit. Automatic lockdown. The vault is at a distance — your agents call a narrow API, they never hold the keys.

Comece grátisVisão geral do desenvolvedor →