🔒 Privacy-first secrets manager for AI agents
Protect your API keys, tokens, and passwords from accidentally being sent to LLMs.
- Scans prompts, files, and inputs for secrets
- Redacts sensitive data before it reaches any AI
- Stores secrets locally encrypted (AES-256)
- Injects secrets securely when needed (never logged)
- Audits all secret access
AI agents and assistants regularly see sensitive data they shouldn't:
- API keys pasted accidentally
- Passwords in config files
- Private keys and tokens
- Personally identifiable information (PII)
SecretVault prevents this from happening.
```bash
pip install secretvault
```

```python
from secretvault import Vault

# Create a vault (encrypted, local only)
vault = Vault()

# Store a secret (never sent to LLMs)
vault.set("api_key", "sk-example-not-real-key-12345")

# Scan a prompt for secrets
prompt = "My API key is sk-example-not-real-key-12345"
safe_prompt = vault.scan(prompt)
# Result: "My API key is [REDACTED:api_key]"

# Retrieve a secret when needed
key = vault.get("api_key")  # Returns the actual key
```

- ✅ Local-only storage (no cloud, no external services)
- ✅ AES-256 encryption at rest
- ✅ Pattern matching for common secret formats
- ✅ Custom secret patterns
- ✅ Zero external dependencies for core functionality
- ✅ Works with any AI agent or assistant
- ✅ Audit logging
- ✅ Self-destruct mode for sensitive sessions
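
How redaction by stored value combined with pattern matching can produce the `[REDACTED:name]` output shown above, as an added example that is not SecretVault's own code. The function names, the two patterns and the sample values are assumptions constructed for illustration.

```python
import re

# Constructed illustration patterns (assumptions, not SecretVault's rule set).
PATTERNS = {
    "sk_prefixed_token": re.compile(r"\bsk-[A-Za-z0-9-]{16,}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
        re.DOTALL,
    ),
}


def find_spans(text, known, patterns):
    """Return (start, end, label) for every stored value and pattern hit."""
    spans = []
    for name, value in known.items():
        if not value:  # an empty value would match at every position
            continue
        for m in re.finditer(re.escape(value), text):
            spans.append((m.start(), m.end(), name))
    for label, rx in patterns.items():
        spans.extend((m.start(), m.end(), label) for m in rx.finditer(text))
    return spans


def redact(text, known, patterns=PATTERNS):
    """Replace each hit with [REDACTED:<label>]; return (safe_text, labels)."""
    # Earliest start first, longest first on ties; the sort is stable, so a
    # stored name wins over a pattern label when both cover the same span.
    spans = sorted(find_spans(text, known, patterns),
                   key=lambda s: (s[0], s[0] - s[1]))
    out, labels, pos = [], [], 0
    for start, end, label in spans:
        if start < pos:
            # Overlaps text already redacted: swallow any tail so that no
            # fragment of the secret survives next to the placeholder.
            pos = max(pos, end)
            continue
        out += [text[pos:start], f"[REDACTED:{label}]"]
        labels.append(label)
        pos = end
    out.append(text[pos:])
    return "".join(out), labels


if __name__ == "__main__":
    stored = {"api_key": "sk-example-not-real-key-12345"}  # constructed value
    print(redact("My API key is sk-example-not-real-key-12345", stored))
```
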
- No network calls - Everything stays on your machine
- No telemetry - We don't track anything
- No secrets in logs - Ever
- Open source - Fully auditable
MIT License - Use freely, modify freely.
See CONTRIBUTING.md
Built with ❤️ by Joel Claw