clavitor/clavitor.com/templates/install.tmpl

{{define "install-head"}}{{end}}

{{define "install"}}
<div class="hero container">
    <p class="label mb-3">Open source &middot; Elastic License 2.0</p>
    <h1 class="mb-4">Self-host Clavitor</h1>
    <p class="lead">One binary. No Docker. No Postgres. No Redis. Runs anywhere Go runs. You'll need a server with a public IP, DNS, and TLS if you want access from outside your network.</p>
</div>

<hr class="divider">

<div class="section container narrow">

    <div class="step">
        <div class="step-num">1</div>
        <div class="step-body">
            <h2>Download</h2>
            <p>The install script detects your OS and architecture, downloads the latest release, and puts it in your PATH.</p>
            <div class="code-block"><span class="prompt">$</span> curl -fsSL clavitor.com/install.sh | sh</div>
            <p class="mt-3 text-sm">Or download directly:</p>
            <div class="dl-links">
                <span class="btn btn-ghost btn-sm btn-mono" style="opacity:0.4;cursor:default">linux/amd64</span>
                <span class="btn btn-ghost btn-sm btn-mono" style="opacity:0.4;cursor:default">darwin/arm64</span>
                <span class="btn btn-ghost btn-sm btn-mono" style="opacity:0.4;cursor:default">darwin/amd64</span>
            </div>
        </div>
    </div>

    <div class="step">
        <div class="step-num">2</div>
        <div class="step-body">
            <h2>Set your vault key</h2>
            <p>The vault key encrypts your Credential fields at rest. If you lose this key, Credential field data cannot be recovered.</p>
            <div class="code-block">
                <div><span class="comment"># Generate a random key</span></div>
                <div><span class="prompt">$</span> export VAULT_KEY=$(openssl rand -hex 32)</div>
                <div class="mt-2"><span class="comment"># Save it somewhere safe</span></div>
                <div><span class="prompt">$</span> echo $VAULT_KEY &gt;&gt; ~/.clavitor-key</div>
            </div>
        </div>
    </div>

    <div class="step">
        <div class="step-num">3</div>
        <div class="step-body">
            <h2>Run it</h2>
            <p>A SQLite database is created automatically in <code>~/.clavitor/</code>.</p>
            <div class="code-block">
                <div><span class="prompt">$</span> clavitor</div>
                <div class="comment">Clavitor running on http://localhost:1984</div>
                <div class="comment">Database: ~/.clavitor/vault.db</div>
            </div>
        </div>
    </div>

    <div class="step">
        <div class="step-num">4</div>
        <div class="step-body">
            <h2>Configure agent access</h2>
            <p>Create a scoped token for each AI agent. Agents use the CLI to fetch credentials — encrypted in transit, never exposed in plaintext.</p>
            <div class="code-block">
                <div><span class="comment"># Create a scoped agent token</span></div>
                <div><span class="prompt">$</span> clavitor token create --scope dev --name "Claude Code"</div>
                <div class="comment">Token: <span class="highlight">ctk_dev_a3f8...</span></div>
                <div class="mt-2"><span class="comment"># Agent fetches credentials via CLI</span></div>
                <div><span class="prompt">$</span> clavitor get github.token --agent dev</div>
            </div>
            <p class="mt-3 text-sm">Manage tokens from the web UI at <code>http://localhost:1984</code> after first run.</p>
        </div>
    </div>

    <div class="step">
        <div class="step-num">5</div>
        <div class="step-body">
            <h2>Import your passwords</h2>
            <p>The LLM classifier automatically suggests Credential/Identity assignments for each field. Review and confirm in the web UI.</p>
            <div class="code-block">
                <div><span class="comment"># Chrome, Firefox, Bitwarden, Proton Pass, 1Password</span></div>
                <div><span class="prompt">$</span> clavitor import --format chrome passwords.csv</div>
                <div><span class="prompt">$</span> clavitor import --format bitwarden export.json</div>
                <div><span class="prompt">$</span> clavitor import --format 1password export.json</div>
            </div>
        </div>
    </div>

    <hr class="divider mb-8 mt-4">

    <h2 class="mb-4">Run as a service</h2>
    <p class="mb-4">For always-on availability, run Clavitor as a systemd service.</p>
    <p class="label mb-3">/etc/systemd/system/clavitor.service</p>
    <div class="code-block mb-4"><pre>[Unit]
Description=clavitor
After=network.target

[Service]
Type=simple
User=clavitor
EnvironmentFile=/etc/clavitor/env
ExecStart=/usr/local/bin/clavitor
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target</pre></div>
    <div class="code-block mb-8"><span class="prompt">$</span> sudo systemctl enable --now clavitor</div>

    <h2 class="mb-4">Expose to the internet</h2>
    <p class="mb-4">Put Clavitor behind Caddy for TLS and remote access.</p>
    <p class="label mb-3">Caddyfile</p>
    <div class="code-block"><pre>vault.yourdomain.com {
    reverse_proxy localhost:1984
}</pre></div>

</div>

<hr class="divider">

<div class="section container">
    <h2 class="mb-4">Rather not manage it yourself?</h2>
    <p class="lead mb-6">Same vault, same features. We handle updates, backups, and TLS. <s>$20</s> $12/yr.</p>
    <a href="/hosted" class="btn btn-primary">See hosted option &rarr;</a>
</div>
{{end}}