{{define "index"}}

"If you want to keep a secret, you must also hide it from yourself."

— George Orwell, 1984

We did. Your Identity Encryption key is derived in your browser from your WebAuthn authenticator — fingerprint, face, or hardware key. Our servers have never seen it. They could not decrypt your private fields even if they wanted to. Neither could anybody else.

Diagram: Credential fields (AI can read): github_token, ssh_key, totp_github, oauth_slack. Identity fields (only you): credit_card, cvv, passport, ssn.

Credential issuance & password management

Two problems. One product.

AI agents need credentials

Your agents deploy code, rotate keys, complete 2FA — but current password managers either give them everything or nothing. Clavitor issues scoped credentials to each agent. No vault browsing. No discovery.

Credentials need real encryption

Every password manager encrypts with a master password. When that password is weak — or stolen — everything falls. Clavitor derives keys from your hardware. No password to crack. No backup to brute-force.


The problem

Every password manager was built before AI agents existed. Now they need to catch up.

All-or-nothing is broken

Every other manager gives your AI agent access to everything in your vault, or nothing at all. Your AI needs your GitHub token — it shouldn't also see your passport number.

Policy isn't security

"AI-safe" vaults still decrypt everything server-side. If the server can read it, it's not truly private. Math beats policy every time.

Agents need credentials — and 2FA

Your AI can't log in, pass two-factor, or rotate keys without access. Clavitor lets it do all three — without exposing your credit card to the same pipeline.


How it works

"Your assistant can book your flights.
Not read your diary."

Every field is encrypted. But some get a second lock. That second key is derived from your WebAuthn authenticator and only exists in your browser. We hold the safe. Only you hold that key.

Credential Encryption

AI-readable

Encrypted at rest, decryptable by the vault server. Your AI agent accesses these via the CLI.

  • API keys & tokens
  • SSH keys
  • TOTP 2FA codes — AI generates them for you
  • OAuth tokens
  • Structured notes

Identity Encryption

Your device only

Encrypted client-side with WebAuthn PRF. The server never sees the plaintext. Ever.

  • Credit card numbers
  • CVV
  • Passport & SSN
  • Private signing keys
  • Private notes

Built different

Not another password manager with an AI checkbox. The architecture is the feature.

Field-level AI visibility

Each field has its own encryption tier. Your AI reads the username, not the CVV. Same entry, different access.

WebAuthn PRF

Identity Encryption uses WebAuthn PRF — a cryptographic key derived from your WebAuthn authenticator — fingerprint, face, or hardware key. Math, not policy. We literally cannot decrypt it.
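The two tiers described above (Credential fields the server can decrypt, Identity fields locked with a key derived from the WebAuthn PRF output) can be shown with plain standard-library crypto. This is an added example, not Clavitor's code: it stands in a constructed 32-byte PRF output for what the authenticator returns to the browser, derives an AES-256-GCM key from it with HKDF-SHA256 (salt and info labels are this example's own), and then lets a party holding only the server key try to read both kinds of field.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Tier says which key protects a field: the server's key (AI-readable) or a key
// that exists only in the browser, derived from the WebAuthn PRF output.
type Tier int

const (
	TierCredential Tier = iota // server can decrypt; agents read it via the CLI
	TierIdentity               // only the browser-derived key can decrypt
)

// Field is one encrypted vault field. The field name is bound in as AES-GCM
// associated data so a ciphertext cannot be moved between fields.
type Field struct {
	Name       string
	Tier       Tier
	Nonce      []byte
	Ciphertext []byte
}

// hkdfSHA256 is a minimal RFC 5869 HKDF (extract, then expand) on the standard library.
func hkdfSHA256(ikm, salt, info []byte, n int) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	prk := ext.Sum(nil)
	var out, t []byte
	for i := byte(1); len(out) < n; i++ {
		h := hmac.New(sha256.New, prk)
		h.Write(t)
		h.Write(info)
		h.Write([]byte{i})
		t = h.Sum(nil)
		out = append(out, t...)
	}
	return out[:n]
}

// DeriveIdentityKey turns the PRF output the authenticator hands the browser into an
// AES-256 key. In a real deployment this runs in the browser and prfOutput never
// leaves it; the salt and info labels here are this example's own assumptions.
func DeriveIdentityKey(prfOutput []byte, vaultID string) []byte {
	return hkdfSHA256(prfOutput, []byte("vault:"+vaultID), []byte("identity-field-key-v1"), 32)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts value under key with a fresh random nonce and name as associated data.
func Seal(key []byte, name string, value []byte) (nonce, ct []byte, err error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, gcm.Seal(nil, nonce, value, []byte(name)), nil
}

// Open decrypts; it fails if the key, nonce, ciphertext or field name is wrong.
func Open(key []byte, name string, nonce, ct []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, []byte(name))
}

// EncryptField chooses the key by tier; only identity fields use identityKey.
func EncryptField(serverKey, identityKey []byte, name string, tier Tier, value string) (Field, error) {
	key := serverKey
	if tier == TierIdentity {
		key = identityKey
	}
	nonce, ct, err := Seal(key, name, []byte(value))
	if err != nil {
		return Field{}, err
	}
	return Field{Name: name, Tier: tier, Nonce: nonce, Ciphertext: ct}, nil
}

// ServerRead models the vault server (or an agent calling it) reading a field with the
// only key it holds. Identity ciphertexts fail GCM authentication: the server's
// inability to read them is a property of the keys, not of an access policy.
func ServerRead(serverKey []byte, f Field) (string, error) {
	pt, err := Open(serverKey, f.Name, f.Nonce, f.Ciphertext)
	if err != nil {
		return "", fmt.Errorf("%s: cannot decrypt with server key: %w", f.Name, err)
	}
	return string(pt), nil
}

func main() {
	// Constructed stand-ins: a real PRF output comes from the WebAuthn prf extension
	// in the browser; the server key comes from the server's own key store.
	prf := []byte("constructed-32-byte-prf-output!!")
	serverKey := make([]byte, 32)
	rand.Read(serverKey)
	idKey := DeriveIdentityKey(prf, "alice")

	cred, _ := EncryptField(serverKey, idKey, "github_token", TierCredential, "ghp_constructed")
	ident, _ := EncryptField(serverKey, idKey, "cvv", TierIdentity, "123")
	for _, f := range []Field{cred, ident} {
		v, err := ServerRead(serverKey, f)
		fmt.Printf("server reads %-12s -> value=%q err=%v\n", f.Name, v, err)
	}
	pt, _ := Open(idKey, "cvv", ident.Nonce, ident.Ciphertext)
	fmt.Printf("browser with PRF-derived key reads cvv -> %q\n", pt)
}
```

The design point is in `ServerRead`: it does not consult the tier before trying, and it still fails on the identity field, because the key it would need was derived from PRF output it never received. Binding the field name as associated data additionally stops a ciphertext being relabelled as a different field.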

AI-powered 2FA

Store TOTP secrets as Credential fields. Your AI generates time-based codes on demand via the CLI — no more switching to your phone.
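What "generates time-based codes on demand" means in practice is RFC 6238 TOTP over a stored shared secret. The following is an added example, not Clavitor's CLI code: it decodes the base32 secret a provider shows at enrolment, computes the current 6-digit code, and includes the verifying side with a one-step clock-skew window and a constant-time comparison. Function names are this example's own.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"math"
	"strings"
	"time"
)

// HOTP implements RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter,
// dynamic truncation, then the low `digits` decimal digits, zero-padded.
func HOTP(key []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	offset := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	code %= uint32(math.Pow10(digits))
	return fmt.Sprintf("%0*d", digits, code)
}

// TOTPFromBytes implements RFC 6238: the counter is the number of whole
// time steps since the Unix epoch.
func TOTPFromBytes(key []byte, at time.Time, step time.Duration, digits int) string {
	counter := uint64(at.Unix()) / uint64(step.Seconds())
	return HOTP(key, counter, digits)
}

// DecodeSecret accepts the base32 form providers show at enrolment, tolerating
// spaces, lowercase and missing padding, which is what a vault would store.
func DecodeSecret(b32 string) ([]byte, error) {
	s := strings.ToUpper(strings.ReplaceAll(strings.TrimSpace(b32), " ", ""))
	s = strings.TrimRight(s, "=")
	return base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(s)
}

// TOTP is the 6-digit, 30-second code an authenticator app would show.
func TOTP(b32Secret string, at time.Time) (string, error) {
	key, err := DecodeSecret(b32Secret)
	if err != nil {
		return "", err
	}
	return TOTPFromBytes(key, at, 30*time.Second, 6), nil
}

// Verify is the server-side counterpart: it accepts the current step and one step
// either side to absorb clock skew, and compares in constant time. It checks every
// window rather than returning early so timing does not reveal which step matched.
func Verify(key []byte, code string, at time.Time, digits int) bool {
	ok := false
	for skew := -1; skew <= 1; skew++ {
		t := at.Add(time.Duration(skew) * 30 * time.Second)
		want := TOTPFromBytes(key, t, 30*time.Second, digits)
		if hmac.Equal([]byte(want), []byte(code)) {
			ok = true
		}
	}
	return ok
}

func main() {
	// Constructed secret: the RFC 6238 reference key "12345678901234567890" in base32.
	const secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
	code, err := TOTP(secret, time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Println("current code:", code)
	key, _ := DecodeSecret(secret)
	fmt.Println("verifies now:", Verify(key, code, time.Now(), 6))
}
```

The verifying side is the part a defender should care about: a server that accepts a wide skew window, or that never records which counter values it has already accepted, weakens a one-time code into a short-lived reusable one.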

Scoped agent tokens

Create separate tokens per agent. Each token sees only its designated entries. Compromise one, the rest stay clean.

One binary, one file

No Docker. No Postgres. No Redis. One Go binary, one SQLite file. Runs on a Raspberry Pi. Runs on a $4/month VPS.

LLM field mapping

Import from any password manager. The built-in LLM automatically classifies which fields should be Credential vs Identity.


10 agents.
Each gets exactly what it needs.

Create scoped CLI tokens per agent. One compromised agent exposes one scope — not your entire vault.

Why not MCP? Because MCP gives the agent access to the vault — search, list, browse. That's too much. Clavitor's CLI gives the agent exactly the credentials it's scoped to. Nothing more. No browsing, no discovery, no surprise access.

Agent workflow

# Agent fetches credential — encrypted, never plaintext
$ clavitor get github.token --agent dev --format env
GITHUB_TOKEN=ghp_a3f8...

# Scoped: dev agent can't see social credentials
$ clavitor get twitter.oauth --agent dev
Error: access denied (scope: dev)
Diagram: five agents (dev, social, finance, infra, deploy), each scoped to its own set of services: github, ssh, gitlab, twitter, slack, discord, stripe, plaid, aws, k8s, docker, vercel, netlify.
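The scope check behind the `access denied (scope: dev)` line above, and the "no browsing, no discovery" property the Scoped agent tokens section describes, can be modelled in a few dozen lines. This is an added example, not Clavitor's implementation: the `Token`, `Entry` and `Vault` types and the `Get`/`EnvName` functions are this example's own, and the secrets are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Token is what a command like `clavitor token create --scope dev` would hand an
// agent: an opaque credential tied to exactly one scope.
type Token struct {
	Name  string
	Scope string
}

// Entry is one vault entry, tagged with the single scope allowed to read it.
type Entry struct {
	Name   string // e.g. "github.token"
	Scope  string // e.g. "dev"
	Secret string // credential-tier value the CLI may return
}

// Vault deliberately exposes no List or Search: an agent can only ask for
// names it already knows, which is the "no discovery" property.
type Vault struct {
	entries map[string]Entry
	revoked map[string]bool
}

func NewVault(entries ...Entry) *Vault {
	v := &Vault{entries: map[string]Entry{}, revoked: map[string]bool{}}
	for _, e := range entries {
		v.entries[e.Name] = e
	}
	return v
}

// ErrDenied is returned for "wrong scope", "no such entry" and "revoked token"
// alike, so the error text never tells an agent which names exist in the vault.
var ErrDenied = errors.New("access denied")

// Get resolves one entry by exact name for the calling token.
func (v *Vault) Get(tok Token, name string) (Entry, error) {
	e, ok := v.entries[name]
	if v.revoked[tok.Name] || !ok || e.Scope != tok.Scope {
		return Entry{}, fmt.Errorf("%w (scope: %s)", ErrDenied, tok.Scope)
	}
	return e, nil
}

// Revoke cuts off one token. Because every token is bound to one scope, a
// compromised token only ever exposed that scope's entries.
func (v *Vault) Revoke(tok Token) { v.revoked[tok.Name] = true }

// EnvName renders an entry name the way a `--format env` output line would:
// "github.token" -> "GITHUB_TOKEN".
func EnvName(entry string) string {
	return strings.ToUpper(strings.NewReplacer(".", "_", "-", "_").Replace(entry))
}

// FormatEnv is one line of `--format env` output for a resolved entry.
func FormatEnv(e Entry) string { return EnvName(e.Name) + "=" + e.Secret }

func main() {
	vault := NewVault(
		Entry{"github.token", "dev", "ghp_constructed"},    // constructed value
		Entry{"twitter.oauth", "social", "oauth_constructed"}, // constructed value
	)
	dev := Token{Name: "dev", Scope: "dev"}
	for _, name := range []string{"github.token", "twitter.oauth", "nonexistent.key"} {
		e, err := vault.Get(dev, name)
		if err != nil {
			fmt.Println("Error:", err)
			continue
		}
		fmt.Println(FormatEnv(e))
	}
}
```

Two details carry the security argument: the error for an out-of-scope entry is byte-for-byte the same as the error for a name that does not exist, and there is no enumeration call at all, so a leaked token cannot be used to map the vault before it is revoked.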

Your agent and you — same vault, right access

Four ways in. Each one designed for a different context. All pointing at the same encrypted store.

CLI

For AI agents

Agents call the CLI to fetch credentials — scoped per agent. Each agent sees only what it's been granted. No vault browsing, no discovery.

Extension

For humans in a browser

Autofill passwords, generate 2FA codes inline, and unlock Identity fields with your authenticator — without leaving the page you're on.

CLI

For terminal workflows

Pipe credentials directly into scripts and CI pipelines. vault get github.token — done.

API

For everything else

REST API with scoped tokens. Give your deployment pipeline read access to staging keys. Nothing else.


Why this matters

Breached in 2022. Still bleeding in .

In 2022, LastPass lost encrypted vault backups. Each vault was encrypted with the customer's master password. Three years later, attackers are still cracking them — weak passwords first, stronger ones next. The FBI traced $150M in crypto theft to that single breach. But crypto is just the visible damage — the same vaults held bank logins, corporate VPN credentials, medical portals, and tax accounts.

$150M+

Confirmed crypto stolen from a single breach. FBI-traced. Still growing. Krebs on Security ↗

3 years

Thefts still ongoing. The encryption was per-customer — but the key was a password. Passwords get cracked. Security Affairs ↗

forever

Brute-forcing a Clavitor hardware key at a trillion guesses per second would take a trillion × a trillion × a trillion × a trillion times longer than the universe has existed. That's not a figure of speech. That's the math.

Clavitor's answer: {{len .Pops}} regions — every vault is an isolated database, not a row in a shared table. Every credential and identity field has its own encryption key derived from your WebAuthn authenticator — fingerprint, face, YubiKey, or any FIDO2 device. Not a password you chose. Not a password you could choose. A key that never existed on any server, never existed in any backup, and cannot be brute-forced because it was never a string of characters to begin with.

That power comes with responsibility. Always register at least two devices (phone + laptop). Better yet: print your recovery key, protect it with a PIN, and store it somewhere outside your home. If you lose all your devices, that printout is your only way back in. We can't help you — by design.


The competition

We listened. And addressed them all.

Real complaints from real users — about 1Password, Bitwarden, and LastPass. Pulled from forums, GitHub issues, and Hacker News. Not cherry-picked from our own users.

1PASSWORD — Community Forum

"The web extensions are laughably bad at this point. This has been going on for months. They either won't fill, wont' unlock, or just plain won't do anything (even clicking extension icon). It's so bad"

— notnotjake, April 2024 ↗


  • clavitor: No desktop app dependency. The extension talks directly to the local vault binary — no IPC, no sync, no unlock chains.

BITWARDEN — GitHub Issues

"Every single website loads slower. From Google, up to social media websites like Reddit, Instagram, X up to websites like example.com. Even scrolling and animation stutters sometimes. javascript heavy websites like X, Instagram, Reddit etc. become extremely sluggish when interacting with buttons. So for me the Bitwarden browser extension is unusable. It interferes with my browsing experience like malware."

— julianw1011, 2024 ↗


  • clavitor: Zero content scripts. The extension injects nothing into pages — it fills via the browser autofill API only when you ask.

LASTPASS — Hacker News

"The fact they're drip-feeding how bad this breach actually was is terrible enough... Personally I'm never touching them again."

— intunderflow, January 2023 ↗


  • clavitor: Self-host or use hosted with L3 encryption — we mathematically cannot read your private fields. No vault data to breach.

1PASSWORD — Community Forum

"Since doing so, it asks me to enter my password every 10 minutes or so in the chrome extension"

— Anonymous (Former Member), November 2022 ↗


  • clavitor: WebAuthn-first. Your authenticator is the primary unlock. Session lives locally — no server-side expiry forcing re-auth.

BITWARDEN — Community Forums

"the password not only auto-filled in the password field, but also auto-filled in reddit's search box!"

"if autofill has the propensity at times to put an entire password in plain text in a random field, autofill seems like more risk than it's worth."

— xru1nib5 ↗


  • clavitor: LLM field mapping. The extension reads the form, asks the model which field is which — fills by intent, not by CSS selector.

BITWARDEN — Community Forums

"Bitwarden REFUSES to autofill the actual password saved for a given site or app...and instead fills an old password. It simply substitutes the OLD password for the new one that is plainly saved in the vault."

— gentlezacharias ↗


  • clavitor: LLM field mapping matches by intent. Entries are indexed by URL — the right credential for the right site, every time.

All quotes verbatim from public posts. URLs verified. View sources →


Your vault needs to be everywhere you are.

A password manager that only works on your home network isn't a password manager. Your laptop moves. Your phone moves. Your browser extension needs your vault at the coffee shop, on the plane, at the client's office.

Self-hosting that means a server with a public IP, DNS, TLS certificates, uptime monitoring, and backups. That's not a weekend project — that's infrastructure.

We run clavitor across {{len .Pops}} regions on every continent. $12/yr (down from $20). Your Identity Encryption keys never leave your browser — we mathematically cannot read your private fields.


Up and running in 30 seconds

One command. No dependencies.

Terminal

# Self-host in 30 seconds
$ curl -fsSL clavitor.com/install.sh | sh
$ clavitor
# Running on http://localhost:1984

Agent access — scoped, encrypted

# Create a scoped token for your deploy agent
$ clavitor token create --scope deploy --name "CI pipeline"
Token: ctk_deploy_9f2a...

# Agent fetches only what it's scoped to
$ clavitor get vercel.token --agent deploy
VERCEL_TOKEN=tV3r...

Full install guide →

{{end}} {{define "index-script"}} {{end}}