clavitor/docs/FEATURE-GRID.md

# Credential & Secret Management — Feature Grid

*Last updated: March 25, 2026*

Target audience: teams operating in the AI agent era. Rows marked 🤖 are agent-specific capabilities.

---

## Grid
| Feature | 1Password | Bitwarden | Vaultwarden | OneCLI | HashiCorp Vault | Infisical | Doppler | Aembit | **Clavitor** |
|---------|-----------|-----------|-------------|--------|-----------------|-----------|---------|--------|--------------|
| **CREDENTIAL TYPES** |
| API keys | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| SSH keys | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ |
| TOTP / 2FA codes | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
| Secure notes | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ |
| Passwords / logins | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
| Credit cards / IDs | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | 🗓️ |
| Dynamic secrets | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | 🗓️ |
| **AGENT CAPABILITIES** 🤖 |
| Designed for AI agents | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
| MCP server (agent discovery) | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
| Per-agent identity tokens | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ |
| Proxy mode (HTTP_PROXY) | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | 🗓️ |
| Agent info hiding (can use, can't read) | ❌ | ❌ | ❌ | ⚠️ | ⚠️ | ❌ | ❌ | ✅ | ✅ |
| Intent-based policy (LLM) | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ⚠️ | 🗓️ |
| Workload identity (OIDC/SPIFFE) | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | 🗓️ |
| **SECURITY** |
| FIPS 140-3 | ⚠️ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ |
| HSM support | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | 🗓️ |
| End-to-end encrypted | ✅ | ✅ | ✅ | ⚠️ | ❌ | ⚠️ | ❌ | ❌ | ✅ |
| Zero-knowledge architecture | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
| Audit logging | ✅ | ✅ | ⚠️ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Secret versioning | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ |
| Secret rotation | ⚠️ | ❌ | ❌ | ❌ | ✅ | ⚠️ | ⚠️ | ✅ | 🗓️ |
| **DEPLOYMENT** |
| Self-hostable | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ |
| Single binary | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
| Docker required | N/A | ⚠️ | ⚠️ | ✅ | ✅ | ✅ | N/A | N/A | ❌ |
| Open source | ❌ | ✅ | ✅ | ✅ | ⚠️ | ✅ | ❌ | ❌ | ✅ |
| Multi-tenant | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 🗓️ |
| **HUMAN SURFACES** |
| iOS app | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | 🗓️ |
| Android app | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | 🗓️ |
| macOS app | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | 🗓️ |
| Windows app | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | 🗓️ |
| Browser extension | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | 🗓️ |
| Web dashboard | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 🗓️ |
| CLI | ✅ | ✅ | ✅ | ⚠️ | ✅ | ✅ | ✅ | ✅ | ✅ |
| **INTEGRATIONS** |
| CI/CD native | ⚠️ | ⚠️ | ❌ | ❌ | ✅ | ✅ | ✅ | ⚠️ | 🗓️ |
| Kubernetes operator | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | 🗓️ |
| External vault backend | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | 🗓️ |
| **HOSTING MODEL** |
| Hosted (cloud) | ✅ | ✅ | ❌ | 🗓️ | ✅ | ✅ | ✅ | ✅ | ✅ (POPs) |
| Self-hosted | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ |
| **PRICING** |
| Free tier | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ⚠️ | ❌ | ❓ |
| Price / year | ~$36/u | $10/u | Free | Free | Free / $$$$$ | Free / $96/u | $120+/u | Enterprise | **$12 flat** |

---

## Legend
| Symbol | Meaning |
|--------|---------|
| ✅ | Supported |
| ❌ | Not supported |
| ⚠️ | Partial / limited |
| 🗓️ | Clavitor roadmap |
| N/A | Not applicable |
| /u | Per user |

---

## Notes

**1Password:** Best human UX in the market. No agent story. FIPS only via gov.1password.com (US gov offering). Strong browser extension and desktop apps.

**Bitwarden:** Open source, E2E encrypted, strong community. No agent capabilities. Self-hosted via their official server.

**Vaultwarden:** Unofficial Rust reimplementation of the Bitwarden server. Single binary, lightweight. Ideal self-hosted alternative. No official support.

**OneCLI:** Only product (besides Aembit/Clavitor) designed for AI agents. Proxy-only — no vault for humans. No SSH, TOTP, or notes. Audit logging is an open feature request.

**HashiCorp Vault:** Enterprise gold standard. FIPS validated, HSM support, dynamic secrets, Kubernetes-native. Extremely complex to operate. BSL license (not truly open source since 2023). Overkill for most teams.

**Infisical:** Open-source secret management for dev teams. Strong CI/CD integrations. No agent story. Good alternative to Doppler.

**Doppler:** SaaS-only, developer-focused, great DX for injecting secrets into apps at runtime. No self-hosted option. No agent capabilities.

**Aembit:** Enterprise agent identity platform. Blended human+agent identity model. SPIFFE/OIDC workload identity. Expensive, enterprise sales motion. No human vault (credential storage) — purely identity/policy.

**Clavitor:** Only product combining a human vault (all credential types) + agent-native design + MCP server + single binary + FIPS + $12/yr pricing. Unique position: the vault that works for both humans and their agents.