No hosted login
The website does not ask users to create an Automic Vault account to read docs or inspect source.
Privacy
Automic Vault protects local developer credentials. The product is open-source software for macOS, not a hosted secrets platform that stores your agent credentials in a remote account.
Last updated: June 1, 2026
Automic Vault keeps agent credentials on the developer's Mac. The public website is static product information; the app's privacy boundary is local keychain-backed storage, approved command execution, and no raw secret handoff to AI model context.
Website
The public site provides documentation, downloads, and source links. It does not require an account, checkout flow, or hosted vault login.
The website does not ask users to create an Automic Vault account to read docs or inspect source.
Downloads are served as static files linked from the site and repository.
Product source and issue tracking live in the public GitHub repository.
Automic Vault's product goal is to keep agent-facing secrets local and away from model context.
Product boundary
Automic Vault moves credentials out of plaintext files and into local keychain-backed storage. Approved command-line tools receive the requested values at runtime; the website is not the secret storage surface.
| Surface | Privacy boundary |
|---|---|
| Website | Static pages, documentation, downloads, and public source links; no hosted vault login is required. |
| Secrets | Credentials are intended to move out of readable files and into local keychain-backed storage. |
| Agents | Models should not receive raw secret values in prompts, transcripts, or copied tool output. |
| Tools | Approved executables receive named values at runtime when the local workflow needs them. |
References
Practical rule
Automic Vault targets local over-sharing: dotenv files, shell profiles, cloud credentials, package tokens, and debug output can all become model-visible text. The product reduces those text surfaces before an agent run starts.
Replace readable local secret files with named values stored behind the local runtime boundary.
Let approved executables receive credentials without asking the model to handle the raw value.
Use local scanning to find files that still contain credentials before future agent sessions.
Use synthetic examples when reporting privacy or security behavior in public repositories.