Phantom Vault: Open-Source Secrets for AI Agents
Our open-source secret vault for the age of AI agents. The model uses your API keys by name and never sees the value — encrypted at rest with AES-256-GCM, jailed at runtime, sanitized on the way out. Free, Apache 2.0. Read every line and use it.
The problem: agents leak secrets
You gave an AI assistant access to your machine so it could actually do things — deploy, call APIs, run commands. The moment you did, every secret it can read became something it can leak: into a conversation, a log, a file it writes, or a network call a prompt injection talked it into making. Traditional secret managers defend against outsiders. They were not built for a trusted-but-powerful agent you invited in. That is the gap Phantom Vault closes.
What it does: use by name, never by value
Phantom Vault lets an AI call a secret by name and run commands with it, without ever seeing the raw value — the value comes back as [REDACTED]. Secrets are encrypted at rest with AES-256-GCM and an Argon2id-derived key, with keys zeroized in memory and pinned so they never swap to disk. Commands run inside a fail-closed network egress jail and a Landlock filesystem jail, so a command cannot phone a secret out or write it to a file. Output is sanitized before it is returned, decoy canary secrets flag misuse, and every access is written to an audit log. It ships an MCP server, so Claude Code and other assistants call it directly.
It is open — take it
This is the one thing we build that we want you to copy. Phantom Vault is free and open source under Apache 2.0. There is nothing to buy and no account to create. Read every line, audit it, run it, fork it, ship it in your own products. We are honest about maturity: it is early (version 0.1.0), and the end-to-end guarantee that an agent can never exfiltrate a secret is under an independent containment audit — so we label what is verified today versus what is still being proven, rather than overstating a security tool. Install it in one line and see the full, honest security status at phantomvault.riscent.com; the source lives at github.com/r-db/phantom-vault.
Phantom Vault is our gift to the community and a working example of how we think about AI security: every safety claim maps to a check you can run yourself. If you want that same discipline applied to your own systems, that is what we do.
We specialize in healthcare — the hardest vertical for AI, with HIPAA regulation, PHI handling, and zero tolerance for error. If we can ship it in healthcare, we can ship it anywhere. We work across industries.
Reply within 24 hours. No pitch deck. No discovery phase. Just whether I can help.