Credential Vault
@baselineos/vault
Section titled “@baselineos/vault”npm install @baselineos/vaultEvery organization using AI agents faces credential sprawl. The Vault solves it with encryption at rest, per-agent scoping, trust-scored access, time-boxed leases, and persistent audit trails.
Capabilities
Section titled “Capabilities”- AES-256-CBC encryption at rest with per-credential IVs
- Per-agent scoping — each agent sees only its credentials
- Trust-scored access — minimum trust required per credential
- Time-boxed leases — credentials auto-expire after step timeout
- Opaque grants — agents use but never read raw values
- Persistent audit trail — every access logged to SQLite
18 standalone tests. See the Credential Vault guide for full documentation.