# Show HN: Clavitor, a password manager with two-tier encryption for humans with AI assistants

TL;DR: A password manager that knows your AI assistant needs your GitHub key, but doesn't need your CVV. Field-level encryption with WebAuthn PRF for L2 secrets. One Go binary, MIT licensed.


## The Problem

Your Claude/Codex/Cursor agent needs credentials to deploy code, rotate keys, complete 2FA. But every existing password manager is all-or-nothing:

- Give the AI your vault password → it sees everything (including your credit card)
- Don't give it access → it can't do its job

We needed per-field visibility. So we built it.


## Two-Tier Encryption

**L1 (Credential Encryption):** Server-side key. AI-readable. API keys, SSH keys, TOTP secrets.

**L2 (Identity Encryption):** WebAuthn PRF, client-side only. Card numbers, CVV, passport, private keys. The server literally cannot decrypt these — the key is derived from your Touch ID / Face ID / YubiKey in the browser and never leaves.

Same entry. Two encryption tiers. The AI sees the GitHub token. It sees that you have an Amex card. It cannot see the card number.
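To make the per-field split concrete, here is an added Go example (not Clavitor's code) of one entry holding both tiers. Each field is sealed with AES-256-GCM under either the server key (L1) or a key expanded from the authenticator's PRF output (L2); the tier and field name are bound as associated data. `Seal`, `Open`, `DeriveL2Key`, `ReadFields` and `SampleEntry` are names chosen for this illustration, the HMAC-based expansion of the PRF output is a stand-in for whatever KDF the project uses, and every sample value is made up.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// Tier says which key protects a field: L1 is the server-side key an agent may use, L2 comes from the WebAuthn PRF.
type Tier int

const (
	L1 Tier = iota
	L2
)

var tierName = [...]string{"L1", "L2"}

// Field is one encrypted attribute of an Entry; Box is AES-GCM ciphertext plus tag.
type Field struct {
	Tier  Tier
	Nonce []byte
	Box   []byte
}

type Entry map[string]Field

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects a nil or wrong-size key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one field. Tier and field name are bound as associated data,
// so a ciphertext cannot be relabelled as another field or moved to another tier.
func Seal(key []byte, tier Tier, name string, plaintext []byte) (Field, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return Field{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Field{}, err
	}
	aad := []byte(tierName[tier] + ":" + name)
	return Field{Tier: tier, Nonce: nonce, Box: gcm.Seal(nil, nonce, plaintext, aad)}, nil
}

// Open decrypts one field; it fails on a missing or wrong key and on tampering.
func Open(key []byte, name string, f Field) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, f.Nonce, f.Box, []byte(tierName[f.Tier]+":"+name))
}

// DeriveL2Key stands in for the browser-side step: the authenticator's PRF output, which never
// reaches the server, is expanded into a field key. HMAC-SHA256 under a fixed label is an assumption.
func DeriveL2Key(prfOutput []byte) []byte {
	mac := hmac.New(sha256.New, prfOutput)
	mac.Write([]byte("example-l2-field-key"))
	return mac.Sum(nil)
}

// ReadFields decrypts every field the caller holds a key for and reports the rest as present
// but unreadable: an agent with only the server key learns that an L2 field exists, not its value.
func ReadFields(e Entry, keys map[Tier][]byte) map[string]string {
	out := make(map[string]string, len(e))
	for name, f := range e {
		pt, err := Open(keys[f.Tier], name, f) // nil key and wrong key both fail here
		if err != nil {
			out[name] = "<" + tierName[f.Tier] + " field: unreadable>"
			continue
		}
		out[name] = string(pt)
	}
	return out
}

// SampleEntry seals constructed values: GitHub token and card brand at L1,
// card number and CVV at L2. Every value below is made up for this example.
func SampleEntry(serverKey, l2Key []byte) (Entry, error) {
	e := Entry{}
	var err error
	seal := func(key []byte, tier Tier, name, value string) {
		if err == nil {
			e[name], err = Seal(key, tier, name, []byte(value))
		}
	}
	seal(serverKey, L1, "github_token", "ghp_constructed_sample_token")
	seal(serverKey, L1, "card_brand", "Amex")
	seal(l2Key, L2, "card_number", "3782 8224 6310 005")
	seal(l2Key, L2, "cvv", "1234")
	return e, err
}
```

Calling `ReadFields` with only the server key returns the GitHub token and the card brand in clear and marks `card_number` and `cvv` as unreadable; adding the PRF-derived key reveals them. Because the tier is part of the associated data, a server-side process cannot quietly re-tag an L2 ciphertext as L1 and hand it to the agent.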


## Technical Details

- **One binary:** `clavitor` listens on port 1984 and stores everything in a single SQLite file. No Docker, no Postgres, no Redis.
- **MCP-native:** a `/mcp` endpoint exposing `get_credential()`, `get_totp()` and `check_expiring()`. Works with Claude Code, Cursor and Codex.
- **LLM import:** native parsers for Chrome, Firefox, Bitwarden and Proton exports (12k+ entries import instantly), with an LLM fallback for any other format.
- **Collision resolution:** import from multiple sources; per entry, the record with the newest `timePasswordChanged` wins.
- **FIPS 140-3:** Go crypto with CNG/OpenSSL backends where available.
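The collision rule above ("newest `timePasswordChanged` wins per entry"), as an added Go example that is not Clavitor's code. `ImportedEntry`, `Merge` and `SampleImports` are names chosen for this illustration; treating domain plus username as the identity of an entry, and the record fields themselves, are assumptions. The sample below also covers the edge case of a source that exports no timestamp: an undated record must never overwrite a dated one.

```go
package main

import "time"

// ImportedEntry is the slice of a parsed import record that collision
// resolution needs; it is constructed for this example, not Clavitor's type.
type ImportedEntry struct {
	Source              string // "chrome", "bitwarden", ...
	Domain              string
	Username            string
	Password            string
	TimePasswordChanged time.Time // zero when the source has no such field
}

// key says when two records are "the same entry": same domain and username (assumption).
func key(e ImportedEntry) string { return e.Domain + "\x00" + e.Username }

// Merge folds records from any number of sources into one per key, keeping the
// record with the newest TimePasswordChanged. Ties and undated records keep
// whichever arrived first, so the result depends only on the input order.
func Merge(records []ImportedEntry) []ImportedEntry {
	best := map[string]ImportedEntry{}
	var order []string // first-seen order, so output is deterministic
	for _, r := range records {
		k := key(r)
		cur, seen := best[k]
		switch {
		case !seen:
			order = append(order, k)
			best[k] = r
		case r.TimePasswordChanged.After(cur.TimePasswordChanged):
			best[k] = r
		}
	}
	out := make([]ImportedEntry, 0, len(order))
	for _, k := range order {
		out = append(out, best[k])
	}
	return out
}

// SampleImports is a constructed mix of Chrome and Bitwarden exports with one
// overlapping entry (github.com / alice) and one undated Bitwarden record.
func SampleImports() []ImportedEntry {
	d := func(s string) time.Time {
		t, _ := time.Parse(time.RFC3339, s) // inputs below are well-formed
		return t
	}
	return []ImportedEntry{
		{"chrome", "github.com", "alice", "old-pw", d("2024-01-10T09:00:00Z")},
		{"chrome", "example.org", "alice", "site-pw", d("2023-06-01T12:00:00Z")},
		{"bitwarden", "github.com", "alice", "new-pw", d("2025-03-02T15:30:00Z")},
		{"bitwarden", "example.org", "alice", "undated-pw", time.Time{}},
	}
}
```

Running `Merge(SampleImports())` yields two entries: the Bitwarden `github.com` record (newer timestamp) and the Chrome `example.org` record, because the Bitwarden copy of the latter carries no timestamp and so cannot win.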

## Why This Matters

LastPass lost encrypted vaults in 2022. Three years later, attackers are still cracking them — weak passwords first. FBI traced $150M+ in crypto theft to that single breach.

Clavitor's L2 fields use WebAuthn PRF. The server never has the key. Even shell access to the box doesn't get your credit card numbers. Math, not policy.


## Quick Start

```sh
# Self-host in 30 seconds
curl -fsSL clavitor.ai/install.sh | sh
./clavitor
# Running on http://localhost:1984
```

Claude Code MCP config, in `~/.claude/mcp.json`:

```json
{
  "mcpServers": {
    "clavitor": {
      "command": "clavitor",
      "args": ["mcp"]
    }
  }
}
```

## Code & License

The port number is intentional.


## Questions?

AMA in comments. Happy to discuss the WebAuthn PRF implementation, the MCP protocol design, or why we chose SQLite over "web scale" alternatives.