vault1984 — AI-native password manager with field-level encryption

The problem

Every password manager was built before AI agents existed. Now they need to catch up.

All-or-nothing is broken

All others give your AI agent access to everything in your vault, or nothing at all. There's no middle ground. Your AI needs your GitHub token — it shouldn't also see your passport number.

Policy isn't security

"AI-safe" vaults still decrypt everything server-side. They rely on access policies that can be overridden, misconfigured, or bypassed. If the server can read it, it's not truly private.

Agents need credentials — and 2FA codes

Your AI can't log in to a service, get past two-factor authentication, or rotate API keys without credential access. vault1984 lets it do all three — without exposing your credit card or passport to the same pipeline.

How it works

"Your assistant can book your flights.
Not read your diary."

Your passwords are stored on the vault server — yours to self-host, or ours to run. Every field is encrypted. But some fields get a second lock. That second key is derived from your fingerprint and only exists in your browser. The server holds the safe. Only you hold that key.

L1 AI-readable

Encrypted at rest, decryptable by the vault server. Your AI agent reads these via MCP.

API keys & tokens
SSH keys
TOTP 2FA codes — AI generates them for you (no more copy-paste from your phone)
OAuth tokens

L2 Touch ID only

Encrypted client-side with WebAuthn PRF. The server never sees the plaintext. Ever.

Credit card numbers
CVV
Passport & SSN
Private signing keys

Built different

Not another password manager with an AI checkbox. The architecture is the feature.

Field-level AI visibility

Each field in an entry has its own encryption tier. Your AI reads the username, not the CVV. Same entry, different access.

WebAuthn PRF

L2 encryption uses WebAuthn PRF — a cryptographic key derived from your biometric hardware. Math, not policy. The server literally cannot decrypt it.

AI-powered 2FA

Store TOTP secrets as L1 fields. Your AI agent generates time-based codes on demand via MCP — no more switching to your authenticator app.

Scoped MCP tokens

Create separate MCP tokens per agent or integration. Each token sees only its designated entries. Compromise one, the rest stay clean.

One binary, one file

No Docker. No Postgres. No Redis. One Go binary, one SQLite file. Runs on a Raspberry Pi. Runs on a VPS. Runs on your laptop.

LLM field mapping

Import from any password manager and the built-in LLM automatically classifies which fields should be L1 (AI-visible) vs L2 (private).

10 agents.
Each gets exactly what it needs.

Create scoped MCP tokens per agent. One compromised agent exposes one agent's scope — not your entire vault.

~/.claude/mcp.json

{
  "mcpServers": {
    "vault-dev": {
      "url": "http://localhost:1984/mcp",
      "headers": {
        "Authorization": "Bearer mcp_dev_a3f8..."
      }
    },
    "vault-social": {
      "url": "http://localhost:1984/mcp",
      "headers": {
        "Authorization": "Bearer mcp_social_7b2e..."
      }
    }
  }
}

Don't want to run it yourself?

We host vault1984 on TIER III infrastructure across four regions. $12/year. Pick your region at signup.

Your L2 keys are derived in your browser. We mathematically cannot read your private fields.

See hosted plans → Self-host guide

Up and running in 30 seconds

One command. No dependencies.

Terminal

# Self-host in 30 seconds

$ curl -fsSL vault1984.com/install.sh | sh

$ vault1984

# Running on http://localhost:1984

MCP config for Claude Code / Cursor / Codex

{
  "mcpServers": {
    "vault1984": {
      "url": "http://localhost:1984/mcp",
      "headers": {
        "Authorization": "Bearer mcp_your_token_here"
      }
    }
  }
}

Full install guide →

"If you want to keep a secret, you must also hide it from yourself."