Secret Vault

AgentZero stores secrets encrypted at rest. The model only ever sees handles like handle://vault/github/token, never raw values. Tools receive the actual secret only at execution time, after policy approval.

az vault add github token
# Vault passphrase: ********
# Secret value: ghp_abc123...
# Stored: handle://vault/github/token

az vault list
# Vault passphrase: ********
# Stored secrets:
# handle://vault/aws/key
# handle://vault/github/token
# 2 secret(s)

az vault get github token
# Vault passphrase: ********
# ghp_abc123...

az vault remove github token
# Vault passphrase: ********
# Removed: handle://vault/github/token

Each secret is stored as an individual AES-256-GCM encrypted file:

.agentzero/vault/
  github/
    token.enc
  aws/
    key.enc

Migrate secrets from an existing .env file into the vault:

az vault-import .env
# Vault passphrase: ********
# Imported 5 secret(s):
# handle://vault/env/DATABASE_URL
# handle://vault/env/API_KEY
# handle://vault/env/GITHUB_TOKEN
# handle://vault/env/AWS_SECRET_KEY
# handle://vault/env/STRIPE_KEY

Preview what would be imported without writing:

az vault-import .env --dry-run

Each KEY=VALUE line is stored as handle://vault/env/<KEY>.
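The handle model and the .env import described above, as an added Python illustration that is not AgentZero's own code: a dotenv parser, a dry-run capable import that maps each KEY to handle://vault/env/<KEY>, a redaction pass so model-bound text only ever carries handles, and a policy-gated resolve on the tool side. The Vault class, its in-memory storage and its approval set are assumptions standing in for the encrypted per-secret files and the real policy engine.

```python
import re
from dataclasses import dataclass, field
# Constructed .env content (not from the page) covering comments, `export`, quoting.
ENV_TEXT = """\
# database
DATABASE_URL=postgres://app:s3cr3t@db/prod
export API_KEY="ak_live_9f8e7d"   # inline comment after a quoted value
STRIPE_KEY='sk_test_123'
"""
ENV_LINE = re.compile(r'^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$')
ENV_VALUE = re.compile(r'''^(?:"([^"]*)"|'([^']*)'|([^#]*?))\s*(?:#.*)?$''')

def parse_env(text: str) -> dict:
    """Return KEY -> VALUE for each assignment line; blank and comment lines are skipped."""
    out = {}
    for line in text.splitlines():
        m = ENV_LINE.match(line)
        if m:
            key, rest = m.groups()
            out[key] = next(g for g in ENV_VALUE.match(rest).groups() if g is not None)
    return out

@dataclass
class Vault:
    secrets: dict = field(default_factory=dict)  # handle -> value; in-memory stand-in for the .enc files
    approved: set = field(default_factory=set)   # (handle, tool) pairs policy has approved (assumed)

    def import_env(self, text: str, dry_run: bool = False) -> list:
        """Map each KEY to handle://vault/env/<KEY>; dry_run only reports the handles."""
        handles = []
        for key, value in parse_env(text).items():
            handle = f"handle://vault/env/{key}"
            if not dry_run:
                self.secrets[handle] = value
            handles.append(handle)
        return handles

    def redact(self, text: str) -> str:
        """Model-bound text must carry handles, never raw values; swap back any leak."""
        for handle, value in self.secrets.items():
            if value:  # never str.replace with an empty needle
                text = text.replace(value, handle)
        return text

    def resolve(self, handle: str, tool: str) -> str:
        """Tool-side lookup at execution time, refused unless policy approved it."""
        if (handle, tool) not in self.approved:
            raise PermissionError(f"policy denied {tool} access to {handle}")
        return self.secrets[handle]
```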

  • AES-256-GCM encryption per secret
  • Argon2id key derivation (memory-hard, brute-force resistant)
  • Random salt + nonce per encryption (ciphertext never repeats)
  • Passphrase required for every vault operation
  • No plaintext ever touches disk