{{define "index"}}

George Orwell — 1984

"If you want to keep a secret, you must also hide it from yourself."

The only password manager for AI agents worth your trust.

We cannot read your passwords. Not will not. Cannot. Your Credential and Identity keys are derived from your hardware authenticator: the Credential key is baked into your agent tokens, and the Identity key is released only by a hardware tap and never leaves your device. Our servers hold ciphertext they have never had the means to decrypt.

[Diagram: Credential Encryption fields (github_token, ssh_key, totp_github, oauth_slack) are readable by your AI agent; Identity Encryption fields (credit_card, cvv, passport, ssn) are readable by you only.]

The problem with every other password manager

In 2022, attackers stole the entire vault database of a leading password manager. The encryption worked exactly as designed. Accounts are still being drained today — four years later. The problem was never the encryption. It was who held the key.

They hold the key

Every major password manager encrypts your vault — then stores a way to decrypt it. The company's servers have always had what it takes to read your passwords. You just hoped they wouldn't.

Policy isn't protection

"We will not read your passwords" is a promise. Promises can be broken, compelled, or hacked. clavitor cannot read your Credential or Identity fields — not will not. Cannot. The key was never here.

AI agents need credentials now

Your AI needs your GitHub token to deploy. It shouldn't also be able to see your passport. Every other manager is all-or-nothing. clavitor gives agents exactly what they need — nothing more.


How it works

"Your assistant can book your flights.
Not read your diary."

Everything in your vault is encrypted. What differs is who holds the key.

Vault Encryption covers everything: the server uses it to store and serve your data. Credential and Identity fields go further. Both of those keys are derived from your hardware authenticator and are never sent to our servers. The Credential key is baked into your agent tokens; the Identity key is released only by a fresh hardware tap and is never placed in a token. We hold the vault. We never got those keys.

Vault Encryption

Titles, URLs, usernames

Server-readable. Encrypted at rest with the vault key. Needed for search, entry listing, and MCP tool responses.

  • Entry names & labels
  • URLs
  • Usernames
  • Tags & metadata

Credential Encryption

AI-readable secrets

Encrypted client-side. The key lives in your agent tokens. The server stores ciphertext it has never had the means to decrypt.

  • API keys & tokens
  • SSH keys
  • TOTP 2FA seeds — AI generates codes
  • OAuth tokens

Identity Encryption

Touch ID only

Encrypted client-side with a key derived from the output of the WebAuthn PRF extension. Hardware tap required. Not in tokens. Agents receive [Identity Encryption — hardware key required].

  • Credit card numbers & CVV
  • Passport & government IDs
  • Social security numbers
  • Seed phrases & private keys

Built different

Not another password manager with an AI checkbox. The architecture is the feature.

Field-level encryption tiers

Each field carries its own encryption layer. Your AI reads the API key, not the CVV. Same entry, different keys, different access.

WebAuthn PRF

Credential and Identity keys are derived from your hardware authenticator through the WebAuthn PRF extension: Touch ID, Face ID, YubiKey, Titan Key. No master password. No server-side key storage. Math, not policy. The authenticator and the browser you enroll with both need to support the PRF extension.

AI-powered 2FA

Store TOTP secrets as Credential fields. Your AI generates time-based codes on demand via MCP — no more switching to your phone during a deployment.

Client-side encryption

Your browser and agents encrypt before anything leaves the client. The vault stores what it receives. It has never seen your Credential or Identity plaintext.

One binary, one file

No Docker. No Postgres. No Redis. One Go binary, one SQLite file. Runs on a Raspberry Pi. Runs on a $4/month VPS. Port 1984.

Smart import

Native parsers for Chrome, Firefox, Bitwarden, Proton Pass. Any other format via LLM. Auto-detects which fields should be Credential vs Identity. Collision resolution by modification date.


Your agents get in.
Nobody else gets anything.

MCP-native from day one. Every AI agent that supports MCP can read credentials, fetch API keys, and generate 2FA codes — using only what it needs.

Each token is a combined credential: the MCP auth secret and the Credential key, wrapped together. The agent decrypts locally. The server authenticates the request and returns ciphertext. Nothing in between. Treat the token like the key it carries: anyone who holds it can read every Credential field it unlocks, so scope it narrowly and store it the way you would store a private key.

~/.claude/mcp.json

{
  "mcpServers": {
    "clavitor": {
      "url": "http://localhost:1984/mcp",
      "headers": {
        "Authorization": "Bearer v1984_..."
      }
    }
  }
}

MCP Tools

  • get_credential — fetch by query
  • list_credentials — list accessible entries
  • get_totp — live 2FA code
  • search_vault — full-text search
  • check_expiring — upcoming expirations
  • save_credential — write (explicit permission only)

Identity Encryption fields

Agents receive [Identity Encryption — hardware key required] for card numbers, passports, and government IDs. They know the field exists. They cannot read it. Ever.


Your agent and you — same vault, right access

Four ways in. Each designed for a different context. All pointing at the same encrypted store.

MCP

For AI agents

Claude Code, Codex, Cursor, or any MCP-compatible agent. Search credentials, fetch API keys, complete 2FA flows — without asking you.

Extension

For humans in a browser

Autofill passwords, generate 2FA codes inline. LLM field mapping fills by intent, not CSS selector — works on SPAs, obfuscated forms, multi-step flows.

CLI

For terminal workflows

Pipe credentials into scripts and CI pipelines. vault get github.token — done.

API

For everything else

REST API with read/write tokens. Full audit log: every access tagged by actor — web, extension, MCP, or agent name.


Real complaints. Real users.

We listened. And addressed them all.

Verbatim quotes from real users — pulled from public forums, GitHub issues, and community threads. Not cherry-picked. Not paraphrased.

Leading password manager — Community Forum

"The web extensions are laughably bad at this point. This has been going on for months. They either won't fill, won't unlock, or just plain won't do anything (even clicking extension icon). It's so bad"

Community forum, April 2024


  • clavitor: No desktop app dependency. The extension calls the vault binary directly — no IPC, no sync layer, no unlock chain.

Leading password manager — GitHub Issues

"Every single website loads slower. From Google, up to social media websites like Reddit, Instagram, X... Even scrolling and animation stutters sometimes. So for me the browser extension is unusable. It interferes with my browsing experience like malware."

GitHub Issues, 2024


  • clavitor: Zero content scripts. The extension injects nothing into pages — fills via browser autofill API, on demand, when you ask.

Leading password manager — Hacker News

"The fact they're drip-feeding how bad this breach actually was is terrible enough... Personally I'm never touching them again."

Hacker News, January 2023


  • clavitor: Credential and Identity fields are encrypted before they reach us. We mathematically cannot read them — and neither can anyone who breaches our servers.

Leading password manager — Community Forum

"Since doing so, it asks me to enter my password every 10 minutes or so in the chrome extension"

Community forum, November 2022


  • clavitor: WebAuthn-first. Touch ID is the primary unlock. Session lives locally — no server-side token expiry forcing re-auth every few minutes.

Leading password manager — Community Forums

"the password not only auto-filled in the password field, but also auto-filled in reddit's search box!"

Community forum


  • clavitor: LLM field mapping. The extension reads the form and asks the model which field is which — fills by intent, not by CSS selector guesswork.

Leading password manager — Community Forums

"Bitwarden REFUSES to autofill the actual password saved for a given site or app...and instead fills an old password. It simply substitutes the OLD password for the new one that is plainly saved in the vault."

Community forum


  • clavitor: LLM field mapping matches by intent. Entries are indexed by URL — the right credential, every time.

All quotes verbatim from public posts. View sources →


Your vault needs to be everywhere you are.

A password manager that only works on your home network isn't a password manager. Your laptop moves. Your phone moves. Your agents run on servers in three time zones.

Self-hosting means a server with a public IP, DNS, TLS certificates, uptime monitoring, and backups. That's not a weekend project — that's infrastructure.

We run clavitor across regions on every continent. $12/yr (regularly $20). Your Credential and Identity keys never reach our servers: we cannot read your private fields. Not policy. Math.

Get hosted → Self-host anyway

Up and running in 30 seconds

One command. No dependencies.

Terminal

# Self-host in 30 seconds
$ curl -fsSL clavitor.com/install.sh | sh
$ clavitor
# Running on http://localhost:1984
# Prefer to read the installer before it runs? Save it with curl -fsSL clavitor.com/install.sh -o install.sh, then run sh install.sh

MCP config for Claude Code / Cursor / Codex

{
  "mcpServers": {
    "clavitor": {
      "url": "http://localhost:1984/mcp",
      "headers": { "Authorization": "Bearer v1984_your_token_here" }
    }
  }
}

Full install guide →

{{end}} {{define "index-script"}} {{end}}