Vault
Secure local password storage tool with AES-256-GCM encryption.
- Rating: 4.9 (323 reviews)
- Downloads: 1,301 downloads
- Version: 1.0.0
Overview
Key Features
- AES-256-GCM encryption for all stored passwords
- Simple command-line interface
- Key management and listing
- JSON-based local storage (encrypted)
- Automatic timestamp tracking
- Master key protection
Complete Documentation
vault
Use when you need secure local storage for passwords, API keys, or credentials.
AES-256-GCM encryption - This plugin stores passwords encrypted using industry-standard AES-256-GCM encryption with a master key.
Installation
clawhub install vault
Usage
Set a password
vault gemini sk-abc123xyz
Show a password
vault gemini show
Remove a password
vault gemini remove
List all keys
vault list
Configuration
Master Key (Required)
Set your master encryption key via environment variable:
export VAULT_MASTER_KEY="your-secure-master-key-here"
Or in your OpenClaw config:
{
  "plugins": {
    "vault": {
      "masterKey": "your-secure-master-key-here",
      "storageFile": ".vault/passwords.json"
    }
  }
}
Options:
- masterKey - Master encryption key (can also use VAULT_MASTER_KEY env var)
- storageFile (default: .vault/passwords.json) - Storage file path relative to home directory
Important: Keep your master key secure! Without it, you cannot decrypt stored passwords.
Security
Encryption Details:
- Algorithm: AES-256-GCM (Galois/Counter Mode)
- Key Derivation: scrypt with random salt per password
- IV: Random 12-byte initialization vector per password (GCM recommended size)
- Salt: Random 32-byte salt per password, stored with encrypted data
- Authentication: GCM authentication tag for integrity verification
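The scheme in the Encryption Details list, written out with Node.js's built-in crypto module as an added example; it is not the plugin's own code. The record field names, hex encoding, default scrypt cost parameters, and the use of the entry name as GCM associated data are assumptions of this example.

```javascript
// Added illustration; not the vault plugin's source. Field names, hex encoding
// and scrypt cost settings (Node.js defaults) are assumptions.
const crypto = require('node:crypto');

const SALT_LEN = 32; // random salt per password, as listed above
const IV_LEN = 12;   // GCM-recommended IV size, as listed above
const KEY_LEN = 32;  // 256-bit AES key

// Derive a separate AES key for each record from the master key and its salt.
function deriveKey(masterKey, salt) {
  return crypto.scryptSync(masterKey, salt, KEY_LEN);
}

// Encrypt one secret. The entry name is bound in as associated data (an
// assumption of this example) so a record cannot be moved to another entry.
function seal(masterKey, name, secret) {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterKey, salt), iv);
  cipher.setAAD(Buffer.from(name, 'utf8'));
  const data = Buffer.concat([cipher.update(secret, 'utf8'), cipher.final()]);
  const hex = (b) => b.toString('hex');
  return { salt: hex(salt), iv: hex(iv), tag: hex(cipher.getAuthTag()), data: hex(data) };
}

// Decrypt one record. final() throws if the master key, the entry name, or
// any stored field does not match what was sealed.
function unseal(masterKey, name, rec) {
  const buf = (h) => Buffer.from(h, 'hex');
  const key = deriveKey(masterKey, buf(rec.salt));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, buf(rec.iv));
  decipher.setAAD(Buffer.from(name, 'utf8'));
  decipher.setAuthTag(buf(rec.tag));
  return Buffer.concat([decipher.update(buf(rec.data)), decipher.final()]).toString('utf8');
}

// True when decryption is rejected instead of yielding plaintext.
function rejects(masterKey, name, rec) {
  try { unseal(masterKey, name, rec); return false; } catch { return true; }
}
```

A wrong master key and a modified storage file fail the same way, at the authentication tag check, so a decryption error on its own does not tell you which of the two happened.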
Security Best Practices:
- Use a strong, unique master key (minimum 32 characters recommended)
- Store master key securely (environment variable or secure config)
- Set strict file permissions: chmod 600 ~/.vault/passwords.json
- Add .vault/ to your .gitignore
- Never commit your master key to version control
- Use system-level disk encryption for additional protection
- Backup your master key securely - lost keys mean lost passwords
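A check of a deployment against the practices above, as an added example that is not part of the plugin. The function name, the finding strings, and the idea of passing the config and .gitignore paths as arguments are assumptions; the permission test applies to POSIX file modes.

```javascript
// Added illustration; not part of the vault plugin. All paths are supplied by
// the caller, and the finding strings are this example's own.
const fs = require('node:fs');

const MIN_KEY_CHARS = 32; // minimum master key length recommended above

// True if the file grants any permission to group or others (looser than 0600).
function isExposed(file) {
  return (fs.statSync(file).mode & 0o077) !== 0;
}

// Check one deployment against the listed practices; returns a list of findings.
function auditVault({ storageFile, configFile, gitignoreFile, masterKey }) {
  const findings = [];
  if (!masterKey || masterKey.length < MIN_KEY_CHARS) {
    findings.push(`master key missing or shorter than ${MIN_KEY_CHARS} characters`);
  }
  if (fs.existsSync(storageFile) && isExposed(storageFile)) {
    findings.push(`storage file readable beyond owner: ${storageFile}`);
  }
  // A config file that carries masterKey needs the same protection as the vault.
  if (configFile && fs.existsSync(configFile)) {
    const cfg = JSON.parse(fs.readFileSync(configFile, 'utf8'));
    const inConfig = Boolean(cfg.plugins && cfg.plugins.vault && cfg.plugins.vault.masterKey);
    if (inConfig && isExposed(configFile)) {
      findings.push(`config holds masterKey and is readable beyond owner: ${configFile}`);
    }
  }
  if (gitignoreFile) {
    const lines = fs.existsSync(gitignoreFile)
      ? fs.readFileSync(gitignoreFile, 'utf8').split(/\r?\n/).map((l) => l.trim())
      : [];
    if (!lines.some((l) => l === '.vault/' || l === '.vault' || l === '/.vault/')) {
      findings.push(`.vault/ is not ignored in ${gitignoreFile}`);
    }
  }
  return findings;
}
```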
Suitable for:
- Development/testing credentials
- API keys and tokens
- Personal passwords
- Team shared credentials (with secure key distribution)
Examples
# Save API keys
vault openai sk-proj-abc123
vault anthropic sk-ant-xyz789
# View a key
vault openai show
# Output: Password for 'openai': sk-proj-abc123
# List all keys
vault list
# Output:
# Stored passwords:
# • openai (created: 2026-02-17T..., updated: 2026-02-17T...)
# • anthropic (created: 2026-02-17T..., updated: 2026-02-17T...)
# Remove a key
vault openai remove
Links
- GitHub: https://github.com/zuiho-kai/openclaw-vault
- Issues: https://github.com/zuiho-kai/openclaw-vault/issues
Installation
openclaw install vault