Automic Vault
macOS local-first agent runtime security

From the creator of Homebrew

Automic Vault

A hardened package manager and secrets boundary for the tools AI agents run on your Mac.

Download .dmg Read docs Run the scanner

Highlights

security map
01 / secrets No plaintext credential file for agents to scrape. 02 / approval Prompts live where sensitive tool actions execute. 03 / packages 11,909 Agent toolchains get hardened roots and transitive stacks. 04 / trace Inspect curl-pipe-shell installers before they write files.

Top Boundaries

What changes when the agent moves from chat into your local runtime.

v0 surface
1

Keychain-backed secrets

Tools get secrets. Agents do not.

Automic Vault patches critical tools so credentials can move out of plaintext files and into local protected storage. The tool can still do its job; the agent loses the easy read path.

  • gh
  • aws-cli
  • av inject
  • secret scanner
2

Human approval gates

Approval belongs beneath the agent, not inside it.

Built-in agent controls help, but a compromised agent controls its own policy surface. Automic Vault places gates at the local tool layer, where token export, package publishing, and other sensitive actions actually happen.

Automic Vault Agent wants to run npm publish. Approve? Deny Approve
3

Nucleus package manager

Install the agent's tools into a root it cannot rewrite.

Nucleus installs Homebrew, npm, and PyPI packages with hardened roots. Agents can run approved tools without turning the whole developer environment into writable ambient state.

Homebrew npm PyPI /opt
4

Plaintext exposure scan

Find what an agent can see before you start the run.

av secret-scanner searches for credentials that are already exposed in local files. Use it as a fast preflight before giving an autonomous run broad filesystem access.

5

Automic Vault.app

A native Mac surface for package control.

Search packages, inspect metadata, approve installs with Touch ID, follow updates, and use the av CLI when the terminal is the right interface.

Automic Vault app showing package search and package details

Fit

not another wrapper
Homebrew

Package manager

Automic Vault installs familiar packages, then tightens what agents can mutate underneath them.

1Password

Secrets manager

Central vaults manage secrets. Automic Vault controls whether a local tool can receive one.

Agent controls

Execution policy

Agent-level controls are useful. Tool-layer controls survive below the model and its prompt.

Guides

deeper reads
01 Secrets Manager for AI Agents

Store secrets locally and inject them only into approved tools.

 02 Stop AI Agents Reading .env Files

Remove the easiest plaintext target from agent sessions.

 03 API Key Management for AI Agents

Keep tokens out of chat while command-line tools still work.

 04 MCP Secrets Management

Give MCP tools access without giving models raw secrets.
100 secured or detected packages Known Homebrew secret escapes, closed or surfaced.

17,450 formula and tap candidates reviewed; remaining known risks show as GUI hazards.

docker

ambient registry credential helpers flagged as hazards

aws-cli

AWS credentials served through av credential-helper

terraform

cloud tokens served through Terraform's helper protocol

git

plaintext credential-store files detected in the GUI

openssh

unencrypted private keys reported before agent runs

Free and open source

Secure the tool layer before the next autonomous run.

Download .dmg View source