vault

Secure local password storage tool with AES-256-GCM encryption. Store, retrieve, and manage passwords with CLI commands.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "vault" with this command: npx skills add zuiho-kai/vault

vault

Use when you need secure local storage for passwords, API keys, or credentials.

🔒 AES-256-GCM encryption - This plugin stores passwords encrypted using industry-standard AES-256-GCM encryption with a master key.

Features

  • 🔒 AES-256-GCM encryption for all stored passwords
  • 📝 Simple command-line interface
  • 🗂️ Key management and listing
  • 💾 JSON-based local storage (encrypted)
  • 🕐 Automatic timestamp tracking
  • 🔑 Master key protection

Installation

clawhub install vault

Usage

Set a password

vault gemini sk-abc123xyz

Show a password

vault gemini show

Remove a password

vault gemini remove

List all keys

vault list

Configuration

Master Key (Required)

Set your master encryption key via environment variable:

export VAULT_MASTER_KEY="your-secure-master-key-here"

Or in your OpenClaw config:

{
  "plugins": {
    "vault": {
      "masterKey": "your-secure-master-key-here",
      "storageFile": ".vault/passwords.json"
    }
  }
}

Options:

  • masterKey - Master encryption key (can also use VAULT_MASTER_KEY env var)
  • storageFile (default: .vault/passwords.json) - Storage file path relative to home directory

⚠️ Important: Keep your master key secure! Without it, you cannot decrypt stored passwords.

Security

🔒 Encryption Details:

  • Algorithm: AES-256-GCM (Galois/Counter Mode)
  • Key Derivation: scrypt with random salt per password
  • IV: Random 12-byte initialization vector per password (GCM recommended size)
  • Salt: Random 32-byte salt per password, stored with encrypted data
  • Authentication: GCM authentication tag for integrity verification

Security Best Practices:

  • Use a strong, unique master key (minimum 32 characters recommended)
  • Store master key securely (environment variable or secure config)
  • Set strict file permissions: chmod 600 ~/.vault/passwords.json
  • Add .vault/ to your .gitignore
  • Never commit your master key to version control
  • Use system-level disk encryption for additional protection
  • Backup your master key securely - lost keys mean lost passwords

Suitable for:

  • Development/testing credentials
  • API keys and tokens
  • Personal passwords
  • Team shared credentials (with secure key distribution)

Examples

# Save API keys
vault openai sk-proj-abc123
vault anthropic sk-ant-xyz789

# View a key
vault openai show
# Output: Password for 'openai': sk-proj-abc123

# List all keys
vault list
# Output:
# Stored passwords:
# • openai (created: 2026-02-17T..., updated: 2026-02-17T...)
# • anthropic (created: 2026-02-17T..., updated: 2026-02-17T...)

# Remove a key
vault openai remove

Links

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Mema Vault

Secure credential manager using AES-256 (Fernet) encryption. Stores, retrieves, and rotates secrets using a mandatory Master Key. Use for managing API keys,...

Registry SourceRecently Updated
0503
Profile unavailable
Security

Password Generator

Secure password generator with multiple character sets and strength analysis. Use when: (1) generating strong passwords, (2) creating memorable passphrases,...

Registry SourceRecently Updated
0265
Profile unavailable
Security

ZipCracker

The ultimate, high-performance ZIP password cracking suite by Hx0 Team. Empowers the Agent with autonomous CTF-level cracking workflows, dynamic dictionary g...

Registry SourceRecently Updated
0165
Profile unavailable