Launched this week
Vault-0

Vault-0

Encrypted secret vault and policy engine for AI agents

2 followers

Visit website
Vault-0 is a local desktop app that encrypts your AI agent's API keys and injects them ephemerally at launch. Keys exist on disk for about 2 seconds instead of sitting in plaintextenv files forever. It also runs a policy engine that enforces domain allow/block lists, output redaction, and spend caps on outbound requests. Built for OpenClaw agents with MCP hardening, a SHA-256 chained evidence ledger, and native x402 payment support. Rust + Tauri, macOS, fully local.
Vault-0 gallery image
Vault-0 gallery image
Vault-0 gallery image
Free
Launch tags:Open SourceDeveloper ToolsGitHub
Launch Team
Framer
Framer
Launch websites with enterprise needs at startup speeds.
Promoted

What do you think? …

Horizon Flow
Maker
📌
I built Vault-0 because I was running OpenClaw agents with API keys sitting in plaintext .env files. One bad log or plugin and those keys are exposed. Existing secret managers like HashiCorp Vault or Doppler expect your app to call an API to fetch secrets. AI agent frameworks don't support that. They just read .env at boot. Vault-0 takes a different approach: secrets are encrypted locally (AES-256-GCM, Argon2id), and at launch it writes an ephemeral .env, lets the daemon load, then zeros the file. Keys are on disk for about 2 seconds. On top of that there's a policy engine for controlling what your agent can access, MCP server hardening, and an evidence ledger that logs every decision with SHA-256 chaining. Tech stack is Tauri 2 + Svelte + Tailwind on the frontend, Rust (Axum, alloy, aes-gcm) on the backend. macOS only for v1.0. Open source, MIT licensed. Would love feedback on the architecture. PRs welcome. https://github.com/0-Vault/Vault-0