AiMANAC Vault
Automated API key rotation for fleet deployments: mint keys via provider admin APIs, distribute to your backends, verify health, revoke old keys. Optional IHP encryption for credentials in transit. The app package name in the repository is aimanac-vault.
What it does
- Rotation — assess → mint → encrypt (optional) → distribute → verify → revoke
- Enrollment — generate secure enrollment bundles for new fleet members (MCP: vault_enroll)
- Fleet management — configure members and provider credentials; audit trail in a local SQLite database
Install (from source)
There is no published Docker image in the open repo; run from a clone of the AiMANAC vault/ tree.
cd vault
npm install
npx prisma migrate dev
Copy .env.template to .env and fill admin API keys and fleet settings per the template comments. Configure fleet members in src/config/fleet.ts or FLEET_MEMBERS_JSON.
Configure
- Point vault operations at your deployed backends (URLs in fleet config / env).
- Add provider admin credentials where supported (OpenAI, Google, xAI, Perplexity, etc.). Anthropic and DeepSeek have limited or no admin mint paths — see provider table in the vault README.
CLI usage
npx ts-node src/index.ts # normal rotation cycle
npx ts-node src/index.ts --dry-run # preview
npx ts-node src/index.ts --force # force rotation
npx ts-node src/index.ts --member 1 # one member
npx ts-node src/index.ts --provider openai
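The rotation sequence under "What it does" and the --dry-run preview above, sketched as an added TypeScript example that is not code from the AiMANAC repository: it shows why revoke comes last, since the old key is only invalidated after every member verifies. All type and function names, the dry-run behaviour (nothing minted) and the rollback policy on a failed verify are assumptions; the optional encrypt step is omitted.

```typescript
// Added illustration: every name here is hypothetical, not AiMANAC Vault's API.
// Synchronous for brevity; real provider and backend calls would be async.
type Key = { id: string; secret: string };
interface Provider { mint(): Key; revoke(keyId: string): void }
interface Member { name: string; install(key: Key): void; healthy(): boolean }
type Outcome = { status: "rotated" | "rolled-back" | "dry-run"; activeKeyId: string; log: string[] };

function rotate(provider: Provider, members: Member[], oldKey: Key, dryRun = false): Outcome {
  const log: string[] = ["assess"];
  if (dryRun) return { status: "dry-run", activeKeyId: oldKey.id, log }; // preview: nothing minted

  const newKey = provider.mint();
  log.push(`mint ${newKey.id}`);
  for (const m of members) { m.install(newKey); log.push(`distribute ${m.name}`); }

  const failed = members.filter((m) => !m.healthy()).map((m) => m.name);
  if (failed.length > 0) {
    // Assumed failure policy: the old key is still valid, so reinstall it
    // everywhere and revoke the key that was just minted.
    log.push(`verify failed: ${failed.join(",")}`);
    for (const m of members) m.install(oldKey);
    provider.revoke(newKey.id);
    log.push(`revoke ${newKey.id}`);
    return { status: "rolled-back", activeKeyId: oldKey.id, log };
  }

  log.push("verify ok");
  provider.revoke(oldKey.id); // only reached once every member passed verification
  log.push(`revoke ${oldKey.id}`);
  return { status: "rotated", activeKeyId: newKey.id, log };
}

// Constructed in-memory fakes so the sketch runs offline.
function fakeProvider(revoked: string[]): Provider {
  let n = 0;
  return { mint: () => ({ id: `key-${++n}`, secret: `s${n}` }), revoke: (id) => { revoked.push(id); } };
}
function fakeMember(name: string, rejects: string[] = []): Member {
  let current = "";
  return { name, install: (k) => { current = k.id; }, healthy: () => !rejects.includes(current) };
}
```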
MCP (Claude Code / Cursor)
Register the vault MCP server (stdio) using your client’s config. See vault/MCP_SETUP.md in the repository for the exact JSON. Exposed tools include:
- vault_rotate — run rotation cycle
- vault_status — managed key status
- vault_audit — audit log
- vault_fleet — fleet members
- vault_health — health checks
- vault_enroll — enrollment bundle / deep link for a new member