Automic Vault icon Automic Vault

Privacy

Automic Vault keeps agent credentials local

Automic Vault protects local developer credentials. The product is open-source software for macOS, not a hosted secrets platform that stores your agent credentials in a remote account.

Last updated: June 1, 2026

Automic Vault keeps agent credentials on the developer's Mac. The public website is static product information; the app's privacy boundary is local keychain-backed storage, approved command execution, and no raw secret handoff to AI model context.

Sealed secrets status

Website

The website publishes static product information.

The public site provides documentation, downloads, and source links. It does not require an account, checkout flow, or hosted vault login.

No account

No hosted login

The website does not ask users to create an Automic Vault account to read docs or inspect source.

Downloads

Static artifacts

Downloads are served as static files linked from the site and repository.

Source

Public repository

Product source and issue tracking live in the public GitHub repository.

Secrets

Local storage

Automic Vault's product goal is to keep agent-facing secrets local and away from model context.

Product boundary

Secrets are local product data.

Automic Vault moves credentials out of plaintext files and into local keychain-backed storage. Approved command-line tools receive the requested values at runtime; the website is not the secret storage surface.

SurfacePrivacy boundary
WebsiteStatic pages, documentation, downloads, and public source links; no hosted vault login is required.
SecretsCredentials are intended to move out of readable files and into local keychain-backed storage.
AgentsModels should not receive raw secret values in prompts, transcripts, or copied tool output.
ToolsApproved executables receive named values at runtime when the local workflow needs them.

References

Privacy-related product details.

Practical rule

Do not make AI transcripts a secret store.

Automic Vault targets local over-sharing: dotenv files, shell profiles, cloud credentials, package tokens, and debug output can all become model-visible text. The product reduces those text surfaces before an agent run starts.

Before

Move ambient secrets

Replace readable local secret files with named values stored behind the local runtime boundary.

During

Inject to the tool

Let approved executables receive credentials without asking the model to handle the raw value.

After

Review exposure

Use local scanning to find files that still contain credentials before future agent sessions.

Public

Keep reports sanitized

Use synthetic examples when reporting privacy or security behavior in public repositories.