kv is a local encrypted secrets manager built for AI-assisted development. It helps you store credentials and lets agents use them through controlled paths instead of pasting raw keys into chat or project files.
FAQ without security theater.
Short answers for product users, managers, and developers who need to understand what kv does and where the boundaries are.
The safer brokered tools are designed so the agent gets the result, not the raw credential. kv run is different: if you approve a command with selected secrets, those secrets can enter that subprocess environment. That is why kv recommends brokered tools first.
Use kv_api, kv_query, or kv_ssh when the agent needs an external result. Use kv run when a local script or app truly requires environment variables.
The local CLI, daemon, and MCP server are open source. Team sync and managed sharing are future/private-beta work, not a public production promise on this site yet.
kv can be configured for Claude Code, Cursor, VS Code, Codex, and other MCP-capable editors. The exact guardrails vary by editor. Claude Code can receive extra hook guidance; other clients primarily use the MCP daemon boundary.
The passphrase is the main human barrier. Without unlock, an agent should not be able to simply read usable secret values from the vault files. Optional 2FA can add another local approval layer.
Encrypted vault files are meant to be safe to store with your project when key material and recovery material remain private. Do not commit passphrases, recovery keys, exported key strings, or plaintext secret exports.
Password managers are excellent for human retrieval. kv is focused on agent workflows where a tool should perform credentialed work without returning raw secrets to the agent whenever possible.
No. kv reduces secret exposure and adds boundaries, but it does not make arbitrary code trustworthy. If you approve a risky script with credentials, the risk moves to that approved execution path.
The current public focus is the local vault, daemon, brokered tools, CLI, and editor integration. Team vaults, cloud sync, billing, and managed organization controls should be treated as future work until announced with production evidence.