AgentVault Protocol

An open protocol for securing how AI agents access credentials, memory, and environment variables

What is AVP?

The Agent Vault Protocol (AVP) is an open standard that defines how AI agents securely access credentials, memory, and external systems.

It provides a structured way to:

  • Control agent permissions

  • Secure credential usage

  • Enforce runtime validation

  • Track all agent actions

https://github.com/inflectiv/agent-vault-protocol


Why AVP Exists

AI agents are rapidly expanding into real-world use.

They interact with:

  • APIs

  • Financial systems

  • Databases

  • External services

But there is no standard for how agents should:

  • Access credentials

  • Be restricted

  • Be monitored


Problem

AI agents run with full access to your credentials. There's no standard way to:

  • Scope which secrets an agent can see

  • Encrypt credentials at rest with per-file random salts

  • Store agent memory securely with search and expiration

  • Audit every credential and memory access decision

  • Revoke agent access in real time

  • Redact sensitive values while preserving variable names

  • Exchange vaults between tools via a portable format

AVP solves this with a framework-agnostic protocol.


The Role of AVP

AVP introduces a unified standard for:

  • Credential access

  • Permission enforcement

  • Execution control

  • Audit logging

It acts as the foundation layer for secure agent systems.


Core Principles of AVP

Zero Trust by Default

  • Agents start with no access

  • Permissions must be explicitly granted


Explicit Permissioning

  • Every action must be defined in a profile

  • No implicit access


Mediated Execution

  • Agents do not access systems directly

  • All actions go through a control layer


Full Auditability

  • Every action is logged

  • Every decision is traceable


Revocable Access

  • Permissions can be removed at any time

  • Sessions can be terminated instantly


How AVP Works

AVP defines the interaction model between:

  • Agent

  • Control layer (AgentVault)

  • External systems


Standard Flow

  1. Agent creates a request

  2. Request is sent through AVP layer

  3. Permissions are evaluated

  4. Decision is made

  5. Action is executed if allowed

  6. Result is returned

  7. Action is logged


AVP Components

AVP defines a set of standard components.


Vault

  • Secure storage for credentials

  • Encrypted and isolated

  • Not directly accessible


Profiles

  • Define permission rules

  • Control what agents can do


Sessions

  • Define runtime context

  • Control duration and scope


Audit Trail

  • Records all actions

  • Ensures transparency


Standardized Permission Model

AVP enforces structured permissions.

Each agent operates under a defined profile.


Example Permissions

  • Allow access to specific API

  • Deny access to sensitive endpoints

  • Filter returned data


Granularity

Permissions can be defined at:

  • Service level

  • Endpoint level

  • Action level

  • Data level


Execution Model

AVP enforces indirect execution.

Agents do not:

  • Access credentials directly

  • Call APIs directly

Instead:

  • Requests are executed through the protocol layer


Why This Matters

This ensures:

  • Credentials are never exposed

  • Actions are validated before execution

  • All activity is observable


AVP vs Traditional Approaches

Capability           Traditional Systems   AVP
Secret storage       Yes                   Yes
Permission model     Limited               Standardized
Runtime validation   No                    Yes
Audit logging        Partial               Full
Revocation           Limited               Instant


AVP + AgentVault

AVP is the protocol. AgentVault is the implementation.

Relationship:

  • AVP defines the rules

  • AgentVault enforces them


Think of it like:

  • HTTP → Protocol

  • Browser → Implementation


Where AVP Fits

AVP sits at the foundation of the agent ecosystem.

Stack:

  • Data layer → datasets

  • Agent layer → execution

  • AVP → control and security standard

  • AgentVault → runtime enforcement


Why AVP Matters

Without AVP:

  • No standard for agent security

  • Each system builds its own model

  • Difficult to scale safely

With AVP:

  • Unified approach

  • Consistent behavior

  • Trusted execution


Core Concepts

Concept              Description
Encrypted Vault      AES-256-GCM with scrypt key derivation, random salt per file
Memory Store         Encrypted agent memory with keyword search, confidence scoring, TTL
Permission Profile   YAML rules: allow / deny / redact, last-match-wins evaluation
Audit Trail          Immutable SQLite log of every access decision
Session              Bounded execution context with revocation support
Portable Vault       Self-contained .avault format for vault exchange
MCP Interface        12 tools for credential and memory access via Model Context Protocol
Memory Banks         Packaged knowledge with licensing (unlimited, time-locked, access-limited)
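The allow / deny / redact profile with last-match-wins evaluation described in the Core Concepts table, together with the secret scoping and name-preserving redaction points under Problem and Standardized Permission Model, as an added worked example. This is illustrative code written for this page, not AgentVault's own implementation; the rule format, the constructed profile and environment, and the audit record shape are all assumptions.

```python
"""Illustrative last-match-wins evaluation of an AVP-style permission profile.

Not the AgentVault project's code. Rule shape (glob pattern + effect), the
profile, the environment values and the audit record layout are constructed
here for demonstration only."""
import fnmatch

# Constructed profile. Rules are walked in order and the LAST matching rule
# decides, so a broad rule early on can be narrowed by later rules.
PROFILE = [
    {"match": "*",                 "effect": "deny"},    # zero trust by default
    {"match": "STRIPE_*",          "effect": "allow"},   # service-level grant
    {"match": "STRIPE_SECRET_KEY", "effect": "redact"},  # later rule narrows the grant
    {"match": "DB_*",              "effect": "redact"},
]

# Constructed environment; values are placeholders, not real credentials.
ENV = {
    "STRIPE_PUBLISHABLE_KEY": "pk_test_placeholder",
    "STRIPE_SECRET_KEY": "sk_test_placeholder",
    "DB_PASSWORD": "placeholder",
    "AWS_SECRET_ACCESS_KEY": "placeholder",
}


def decide(name, profile=PROFILE):
    """Return the effect of the last rule whose pattern matches `name`.
    With no matching rule the request is denied (zero trust by default)."""
    effect = "deny"
    for rule in profile:
        if fnmatch.fnmatchcase(name, rule["match"]):
            effect = rule["effect"]
    return effect


def scope_env(env, profile=PROFILE):
    """Build the view an agent receives and one audit record per decision.
    Redacted entries keep the variable name but lose the value; denied
    entries are omitted from the view entirely."""
    view, audit = {}, []
    for name, value in env.items():
        effect = decide(name, profile)
        audit.append({"var": name, "decision": effect})
        if effect == "allow":
            view[name] = value
        elif effect == "redact":
            view[name] = "[REDACTED]"
    return view, audit
```

Reversing the rule order in PROFILE flips the outcome for STRIPE_SECRET_KEY to deny, which is why rule ordering is part of the policy, not just its formatting.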