集成指南
clavitor + Claude Code
Give your Claude agent secure access to credentials, TOTP codes, and API keys — without exposing card numbers, passports, or recovery codes.
What Claude sees
共享字段
Claude reads these via the CLI skill to help you code, deploy, and authenticate.
- API keys (GitHub, AWS, Stripe, OpenAI...)
- SSH 主机凭证
- 数据库连接字符串
- TOTP seeds — Claude generates 2FA codes autonomously
- 服务账户密码
What Claude never sees
个人字段
使用您的指纹、面容或安全密钥在客户端进行加密。服务器仅存储密文。无密钥,则无法访问。
- 信用卡号及 CVV
- 护照及政府身份证件
- 恢复码及助记词
- 社会安全号码
- 银行账户详情
Setup in 2 minutes
Create an agent in clavitor, initialize the CLI, done. The skill installs automatically.
1. 创建 Agent
Open your vault -> Agents -> Create. Name it "Claude Code" and choose which entries it can access. Copy the setup token — it's shown only once.
Each agent gets its own token, scopes, and rate limits.
2. 初始化 CLI
On the machine where Claude Code runs:
$ echo "$CLAVITOR_TOKEN" | clavitor-cli init
3. Done
Claude Code picks up the skill immediately. Ask it to fetch a credential, generate a TOTP code, or store a new secret — it knows how.
# Claude can now run: $ clavitor-cli get "GitHub" --field password $ clavitor-cli totp "GitHub" $ clavitor-cli render app.config.json
You don't have to do anything
Once connected, Claude handles credentials automatically. Need to deploy? It looks up your SSH key. Need to log in? It fetches the password and generates the 2FA code. You just ask for what you want done.
"Deploy to production"
Claude looks up your server credentials, SSH key, and any required API tokens — then does the deployment.
clavitor-cli get "aws-production" --field secret_key clavitor-cli totp "aws" 283941
"Log in to GitHub and check the CI"
Claude finds the credential, generates a live TOTP code, and completes the 2FA flow. No phone needed.
clavitor-cli get "github" --field password clavitor-cli totp "github" 847203
"Save this API key"
Claude stores new credentials, notes, and configuration directly in your vault using clavitor-cli put. Sign up for a service, generate an API key, or jot down a config snippet — Claude saves it immediately.
"Remember this for later"
License keys, server configs, migration plans, recovery instructions — anything you tell Claude to remember goes into a Memory or Note via clavitor-cli memory put or clavitor-cli note put. Encrypted, searchable by embedding.
One vault, multiple agents
Running Claude on different projects? Create a separate agent for each.
Work agent
Scoped to GitHub, AWS, Jira, and Slack credentials
Personal agent
Scoped to email, social media, and cloud storage
Deploy agent
Scoped to SSH keys, database creds, and API tokens
所有访问操作均会被记录
The audit log records which agent accessed which credential, when, and from where.
# TIME ACTION ENTRY ACTOR 2026-03-08 10:23:14 read github.com cli:claude-code 2026-03-08 10:23:15 totp github.com cli:claude-code 2026-03-08 11:45:02 read aws-production cli:deploy-agent 2026-03-08 14:12:33 render - cli:claude-code