ML-KEM-768 + X25519 · Quantum-safe from day one

Zero-knowledge secrets for AI coding agents.

Store encrypted secrets. Inject them into subprocesses.
Claude Code, Cursor, Copilot — the AI never sees the values.

$ brew install opaquevault-brew/tap/ov
Built on AES-256-GCM / Argon2id / ML-KEM-768 / MCP Protocol / NIST FIPS 203
Built by Hunter Lemperle — veteran, solutions engineer, one-person studio. Open beta.
// The problem

23.8M secrets leaked on GitHub in 2024 — up 25% year over year. Repos using AI coding assistants leaked at a rate 40% higher than those without.

Your AI coding assistant needs database credentials, API keys, and tokens to run tests, deploy code, and call services. But every secret you paste into Claude Code or Cursor lives in the model's context window, flows through Anthropic's API, and may be logged anywhere along the way.

Existing secret managers weren't built for AI agents. OpaqueVault was.

Source: GitGuardian State of Secrets Sprawl 2025

// Free. No account required.

Find out what's
already leaked.

Run ov scan in any repo. No signup. No telemetry. It walks your git-tracked files and surfaces secrets you may not know are there — AWS keys, Stripe tokens, private keys, connection strings, high-entropy blobs.

$ ov scan .
Scanning 1,847 files...
FILE LINE TYPE SEV
scripts/deploy.sh 31 aws-access-key CRITICAL
config/database.yml 14 postgres-dsn HIGH
.env.backup 3 stripe-secret-key HIGH
3 secrets found. Store them safely:
$ ov scan . --fix
// One vault, every project

Stop prefixing secrets.
Use namespaces.

Every project has a DATABASE_URL. OpaqueVault scopes secrets by app and environment — so they never collide and you never need MYSAAS_PROD_DATABASE_URL again.

// Before — flat namespace
DATABASE_URL             collision ✗
DATABASE_URL             collision ✗
MYSAAS_PROD_STRIPE_KEY   manual prefix
SIDE_PROJECT_OPENAI_KEY  manual prefix
// After — app / env / name
my-saas / production
  DATABASE_URL        prod DB
  STRIPE_SECRET_KEY   live key
my-saas / staging
  DATABASE_URL        staging DB
side-project / dev
  DATABASE_URL        local DB
  OPENAI_API_KEY
// Zero-config context via .ov.yaml
# .ov.yaml — commit this file, it has no secrets
app: my-saas
env: staging

Drop this in your repo root. Every ov command and ov mcp serve picks up the context automatically.

ov secret list
App: my-saas Environment: staging
NAME UPDATED
DATABASE_URL 2026-04-10
STRIPE_SECRET_KEY 2026-04-10
// How it works

The two-process model.

Decryption happens locally on your machine. The cloud stores only ciphertext.

Claude Code (AI assistant)
  never sees plaintext
        ↓ MCP / stdio
ov mcp serve (local bridge + interceptor)
  • Decrypts locally
  • Holds KEK in memory
  • Injects env vars
  • Intercepts leaked secrets
        ↓ HTTPS + PQC
api.opaquevault.com (blob store only)
  • Stores ciphertext only
  • No decrypt endpoint
  • No master password
01

.ov.yaml sets the context

A two-line file in your repo root — app: my-saas, env: staging — tells ov mcp serve which project and environment to operate in. No flags. No ambient ambiguity.

02

Claude calls vault_run

Claude Code calls the MCP tool with a command and secret names. The bridge already knows which app and environment to pull from — Claude never needs to specify them.

03

Bridge decrypts and injects

ov mcp serve fetches the encrypted blob for that app + environment, decrypts locally with your KEK, and spawns the subprocess with the secret as an env var. The value is zeroed from memory after use.

04

Claude sees only exit code

The MCP response contains stdout, stderr, and exit code. The plaintext secret value is never in the response. Ever.
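The bridge side of steps 02 to 04, as an added Go example that is not OpaqueVault's own code: it injects the already-decrypted values as environment variables, runs the command, and returns only stdout, stderr and the exit code, with any copy of a value scrubbed from the captured output before it is returned. It assumes the bridge has decrypted the values beforehand and passes them as strings (wiping after use, as the page describes, would need byte slices); the shell invocation and the [REDACTED:NAME] marker are this example's choices, not the tool's.

```go
package main

import (
	"bytes"
	"errors"
	"os"
	"os/exec"
	"strings"
)

// RunResult is the entire MCP response; the secret value is never a field.
type RunResult struct {
	ExitCode       int
	Stdout, Stderr string
}

// VaultRun spawns cmd with each secret injected as an environment variable and
// returns only stdout, stderr and the exit code. Every occurrence of a value in
// the captured output is replaced first, so a program that echoes its
// environment cannot carry the value back into the model's context.
func VaultRun(cmd string, secrets map[string]string) (RunResult, error) {
	c := exec.Command("sh", "-c", cmd)
	// Inherit the bridge environment minus any variable the vault will set,
	// so a stale value in the parent process cannot shadow the vault's.
	for _, kv := range os.Environ() {
		if _, shadowed := secrets[strings.SplitN(kv, "=", 2)[0]]; !shadowed {
			c.Env = append(c.Env, kv)
		}
	}
	for name, value := range secrets {
		c.Env = append(c.Env, name+"="+value)
	}
	var stdout, stderr bytes.Buffer
	c.Stdout, c.Stderr = &stdout, &stderr
	err := c.Run()
	res := RunResult{Stdout: redact(stdout.String(), secrets), Stderr: redact(stderr.String(), secrets)}
	var exitErr *exec.ExitError
	if errors.As(err, &exitErr) { // a non-zero exit is a result, not a failure
		res.ExitCode = exitErr.ExitCode()
		return res, nil
	}
	return res, err // nil, or a spawn error that carries no secret
}

func redact(s string, secrets map[string]string) string {
	for name, value := range secrets {
		if value != "" {
			s = strings.ReplaceAll(s, value, "[REDACTED:"+name+"]")
		}
	}
	return s
}
```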

// In practice

One command.
Zero exposure.

Store secrets with the CLI. Reference them from Claude Code. Your AI agent runs commands with full access — and zero visibility.

No .env files on disk
No secrets in chat context
Scoped per app + environment
No decrypt endpoint on the server
Audit log for every access
store a secret
# .ov.yaml: app: my-saas, env: production
$ ov secret set DATABASE_URL
Enter value (hidden):
Encrypted. my-saas/production/DATABASE_URL created.
claude code session
Claude: I'll run the database migrations using vault_run.
vault_run("go run ./cmd/migrate", ["DATABASE_URL"])
exit_code: 0
stdout: "migrations: 3 applied"
# DATABASE_URL never appeared. Not once.
// The encryption stack

Quantum-safe.
From day one.

Not a roadmap item. Not a v2 feature. Every secret stored today is protected against harvest-now-decrypt-later attacks.

Master Password
↓ Argon2id (time=1, mem=64MB, threads=4)
KEK — Key Encryption Key (32 bytes)
Lives only in client memory. Never leaves your machine.
↓ AES-256-GCM + random nonce per operation
DEK — per-secret Data Encryption Key
32 random bytes. Zeroed after use.
↓ AES-256-GCM + random nonce per operation
Ciphertext — all the server ever sees
Stored at api.opaquevault.com. Useless without the KEK.
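The KEK → DEK → ciphertext layering above, as an added Go example using only the standard library (not OpaqueVault's own code). It assumes the KEK has already been derived (the test passes a constructed 32-byte key in place of the Argon2id output) and binds the app/env/name path as AES-GCM associated data, which is this example's choice rather than something the page states.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// must panics only on caller bugs (wrong key length) or crypto/rand failure.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// seal returns nonce||ciphertext; aad binds app/env/name so blobs cannot be swapped.
func seal(key, pt, aad []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key)))) // 32-byte key selects AES-256
	nonce := make([]byte, g.NonceSize())                // fresh random nonce per operation
	must(rand.Read(nonce))
	return g.Seal(nonce, nonce, pt, aad)
}

func open(key, blob, aad []byte) ([]byte, error) {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(blob) < g.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], aad)
}

// EncryptSecret: a fresh 32-byte DEK encrypts the value, the KEK wraps the DEK, the DEK is wiped.
func EncryptSecret(kek, value, aad []byte) (wrappedDEK, ciphertext []byte) {
	dek := make([]byte, 32)
	must(rand.Read(dek))
	defer clear(dek) // zeroize key material after use; the server only ever gets the two blobs
	return seal(kek, dek, aad), seal(dek, value, aad)
}

// DecryptSecret unwraps the DEK with the KEK, decrypts the value, wipes the DEK.
func DecryptSecret(kek, wrappedDEK, ciphertext, aad []byte) ([]byte, error) {
	dek, err := open(kek, wrappedDEK, aad)
	if err != nil {
		return nil, err
	}
	defer clear(dek)
	return open(dek, ciphertext, aad)
}
```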

ML-KEM-768 + X25519 Hybrid

Transport uses a hybrid post-quantum KEM: X25519 for classical security + ML-KEM-768 (NIST FIPS 203) for quantum resistance. If either is broken, the other protects you. Zero X25519-only fallback. No downgrades.

Powered by cloudflare/circl · Pure Go · No CGO
// Features

Everything. Nothing extra.

MCP-native

7 MCP tools.
Zero plaintext leaks.

vault_run, vault_inject_env, vault_list_secrets, and 4 more. Designed so AI agents can do their job without ever seeing secret values.

vault_run vault_inject_env vault_list_secrets vault_create_secret vault_status

Zero-knowledge

The server stores ciphertext only. No decrypt endpoint. No key escrow. A compromised server exposes nothing.


Single binary CLI

ov includes mcp serve. One install. No version skew.

brew install opaquevault-brew/tap/ov
Active defense

Catches what you miss.

ov mcp serve sits between Claude and everything else. If a raw secret slips into context — accidentally pasted AWS key, leaked token in a stack trace — the interceptor blocks it before the model ever sees it.

inbound AKIAIOSFODNN7EXAMPLE
blocked · logged · use ov secret set instead
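The pattern-and-entropy check behind both ov scan and the inbound interceptor, as an added Go example that is not the tool's own ruleset: signatures for the AWS access key, private key and Postgres DSN types shown in the scan output, plus a Shannon-entropy test for long opaque tokens. The regular expressions, the 3.5-bit threshold and the MEDIUM severity for entropy hits are this example's assumptions; the bridge blocks inbound text whenever Scan returns anything.

```go
package main

import (
	"math"
	"regexp"
)

type Finding struct{ Type, Severity, Match string } // one row of ov scan output
// Illustrative signatures, constructed for this example (not the tool's ruleset).
var rules = []struct {
	typ, sev string
	re       *regexp.Regexp
}{
	{"aws-access-key", "CRITICAL", regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)},
	{"private-key", "CRITICAL", regexp.MustCompile(`-----BEGIN [A-Z ]*PRIVATE KEY-----`)},
	{"postgres-dsn", "HIGH", regexp.MustCompile(`postgres(?:ql)?://[^\s:]+:[^\s@]+@\S+`)},
}

// Opaque credential shape: 32+ chars of the base64/hex/url-safe alphabet.
var blob = regexp.MustCompile(`[A-Za-z0-9+/=_-]{32,}`)
// entropy is Shannon entropy in bits per byte (blob matches are ASCII).
func entropy(s string) float64 {
	counts := map[byte]float64{}
	for i := 0; i < len(s); i++ {
		counts[s[i]]++
	}
	h := 0.0
	for _, c := range counts {
		p := c / float64(len(s))
		h -= p * math.Log2(p)
	}
	return h
}

// Scan returns every credential-shaped match: known formats first, then any
// long high-entropy token. The bridge blocks inbound text when len(Scan) > 0.
func Scan(text string) []Finding {
	var out []Finding
	for _, r := range rules {
		for _, m := range r.re.FindAllString(text, -1) {
			out = append(out, Finding{r.typ, r.sev, m})
		}
	}
	for _, m := range blob.FindAllString(text, -1) {
		if entropy(m) > 3.5 { // uniform hex tops out at 4.0; words sit far below
			out = append(out, Finding{"high-entropy-blob", "MEDIUM", m})
		}
	}
	return out
}
```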

Audit log

Every read, write, delete — and every interception. Secret references stored as HMAC hashes. The log proves access without revealing names.

Post-quantum

Harvest-now-decrypt-later proof.

ML-KEM-768 on transport means adversaries capturing your encrypted traffic today cannot decrypt it when quantum computers arrive.


Multi-app namespacing

my-saas / staging / DATABASE_URL. Secrets scoped by app and environment. No more manual prefixes. Drop a .ov.yaml in your repo — context is automatic.


CI/CD ready

Scoped API keys. Read-only CI tokens. One credential in GitHub secrets, all your real secrets behind zero-knowledge encryption.

// Setup in 5 minutes

From install to
zero-knowledge.

Install, create an app, drop a .ov.yaml in your repo root, and connect to Claude Code. Every MCP tool call is automatically scoped to the right project — no flags needed.

01
Install
brew install opaquevault-brew/tap/ov
ov login
02
Create an app + commit .ov.yaml
ov app create my-saas
ov env create production --app my-saas
printf 'app: my-saas\nenv: production\n' > .ov.yaml
03
Store secrets
ov secret set DATABASE_URL
ov secret set OPENAI_API_KEY
04
Add to Claude Code MCP config
{
  "mcpServers": {
    "opaquevault": {
      "command": "ov",
      "args": ["mcp", "serve"]
    }
  }
}
Done. Ask Claude to run anything.

Secrets inject as env vars. Claude never sees values.

// How we compare

Built differently.
From the start.

Zero-knowledge, MCP-native, quantum-safe — and the only one that namespaces secrets by app and environment out of the box.

Feature OpaqueVault 1Password MCP Doppler HashiCorp Vault
Zero-knowledge
Claude never sees plaintext
Quantum-safe (ML-KEM-768)
MCP-native Partial
Multi-app namespacing Partial Partial
Price Free / $9mo $3/mo+ $6/mo+ Self-hosted

1Password MCP returns plaintext values in MCP responses, making them visible in Claude's context window. OpaqueVault structurally prevents this via the two-process model.

// Pricing

Simple pricing.
Free to start.

Free
$0 /mo
  • 10 secrets
  • 3 apps · 3 environments
  • 1 API key
  • MCP bridge
  • ov scan (always free)
Team
$29 /mo
  • Unlimited secrets
  • Unlimited apps + environments
  • Unlimited keys
  • Org sharing coming soon
  • 1yr audit retention


Your AI agent.
Your secrets stay secret.

Zero-knowledge. Quantum-safe. MCP-native.
Free to start. No credit card required.