Automic Vault

FROM THE CREATOR OF HOMEBREW

Don’t Get Owned By Your Own Tools

Secure the tools you install

Keep installing packages the same as always. Automic Vault sits on top, detecting exposed secrets, hardening the tools that use them, and warning you when your stack stops being safe.

01 · DETECT

A compromised package just needs to read one file. How many do you have?

The biggest supply chain attacks of 2026 didn't start by attacking production. They started by attacking developer laptops.

Detect secret exposure in your stack before the next supply chain attack bites you. Automic Vault surfaces package-owned tokens, credential files, helper leaks, and agent-readable config while the tools are still local to your Mac.

Automic Vault showing a GitHub CLI token exposure hazard for gh

02.1 · HARDEN (Secrets)

Off disk. Into Keychain.

One command moves plaintext credentials out of reach of agents and malware.

Automic Vault patches packages that work with secrets to keep those secrets away from malware and agents. Supported tools get a Keychain-backed helper path, so the command can run without leaving reusable credentials in files any local process can read.

Harden package-owned secrets
$ brew install awscli
installed: /opt/homebrew/Cellar/awscli

$ av scan
plaintext secret exposure: ~/.aws/credentials
reason agent-readable cloud keys

$ cat ~/.aws/credentials
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

$ av harden awscli
saved AWS keys in Keychain
rewrote credential_process helper
removed plaintext credentials
made install immutable

$ cat ~/.aws/credentials
[default]
credential_process = /usr/local/bin/av credential-helper aws
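
The before and after states of ~/.aws/credentials shown above can be told apart mechanically. The script below is an added example, not Automic Vault code: audit_aws_credentials is a hypothetical name, and the sample file is constructed from the two listings in the session above.

```shell
# Added example (not Automic Vault code): classify each profile in an AWS
# shared-credentials file. audit_aws_credentials is a hypothetical name.
audit_aws_credentials() {
  awk '
    function flush(   status) {
      if (profile == "") return
      status = "empty"
      if (has_helper) status = "helper"
      if (has_static) status = "static-keys"   # plaintext wins: file is still readable
      print profile, status
    }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }        # blank lines and comments
    /^[ \t]*\[.*\][ \t]*$/ {                    # [profile] header
      flush()
      profile = $0
      sub(/^[ \t]*\[/, "", profile); sub(/\][ \t]*$/, "", profile)
      has_static = 0; has_helper = 0
      next
    }
    {
      key = $0
      sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
      if (key == "aws_secret_access_key" || key == "aws_session_token") has_static = 1
      if (key == "credential_process") has_helper = 1
    }
    END { flush() }
  ' "$1"
}

# Constructed sample: one profile as in the "before" listing, one as in the "after".
sample=$(mktemp)
cat > "$sample" <<'EOF'
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

# hardened profile: no key material on disk
[ci]
credential_process = /usr/local/bin/av credential-helper aws
EOF
audit_aws_credentials "$sample"
rm -f "$sample"
```

A profile reported as static-keys still holds reusable key material that any process running as the same user can read, whatever the file mode.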

02.2 · HARDEN (Immutability)

Let agents run your tools without rewriting them.

Sealed installs. Controlled updates. Nothing changes without you.

Stop agents from modifying themselves by installing packages immutably, and stop agents or malware from modifying vital tools in your stack. Automic Vault puts tools in sealed roots and exposes a controlled av shim on PATH: agents can run the tool, but changing the tool itself routes through an approved update.

Automic Vault immutable package root preventing agents or malware from rewriting installed tools
$ av install codex
awaiting Touch ID for root escalation… approved
prefix: /opt/codex
shim: /usr/local/bin/codex -> /opt/codex/bin/codex

$ codex exec "patch $(which codex)"
permission denied

02.3 · HARDEN (.env)

Encrypt .env. Break nothing.

Keys stay in Keychain. Your shell keeps working.

Automic Vault provides dotenvx-compatible .env file encryption, with the private key securely stored in the AV Keychain. av dotenv writes dotenvx-compatible "encrypted:" values, then approved shell hooks decrypt only for the command that asked for them.

Encrypted .env with direnv-style loading
$ cd ~/work/billing-api

$ cat .env
APP_ENV=development
LOG_LEVEL=debug
PUBLIC_SITE_URL=https://billing.example
STRIPE_SECRET_KEY=sk_live_4eC39HqLyjWDarjtT1zdp7dc
OPENAI_API_KEY=sk-proj-BJN9zqY2Q9p7xWm8kL3n
DATABASE_URL=postgres://billing:s3cr3t@db.internal/app

$ av dotenv init
found existing .env
stored DOTENV_PRIVATE_KEY in Keychain

$ av dotenv encrypt
encrypted .env

$ cat .env
DOTENV_PUBLIC_KEY="BP9x..."
APP_ENV=development
LOG_LEVEL=debug
PUBLIC_SITE_URL=https://billing.example
STRIPE_SECRET_KEY="encrypted:BO/8An..."
OPENAI_API_KEY="encrypted:BJN9z..."
DATABASE_URL="encrypted:BI4p3..."
# ^^ dotenvx compatible

$ echo 'eval "$(av dotenv hook zsh)"' >> ~/.zshrc

----- NEW TERMINAL SESSION -----

$ cd ~/work/billing-api
av: human approval required… approved
av: +STRIPE_SECRET_KEY +OPENAI_API_KEY +DATABASE_URL

$ npm run dev
# keys exported into this shell only
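
A pre-commit or CI check can confirm that a .env file is in the encrypted state shown above. This is an added example, not Automic Vault or dotenvx code: audit_dotenv and dotenv_is_clean are hypothetical names, the name and URL patterns are heuristic assumptions, and the sample values are constructed.

```shell
# Added example (not Automic Vault or dotenvx code): list variables in a .env
# file that look like secrets but are not stored as "encrypted:" values.
audit_dotenv() {
  awk '
    /^[ \t]*$/ || /^[ \t]*#/ { next }            # blank lines and comments
    {
      line = $0
      sub(/^[ \t]*(export[ \t]+)?/, "", line)    # tolerate "export NAME=..."
      eq = index(line, "=")
      if (eq == 0) next
      name = substr(line, 1, eq - 1)
      value = substr(line, eq + 1)
      sub(/[ \t]+$/, "", name)
      gsub(/^[ \t]+|[ \t]+$/, "", value)
      gsub(/^"|"$/, "", value)                   # double quotes, as in the listing
      if (name ~ /^DOTENV_PUBLIC_KEY/) next      # public half of the key pair
      if (value == "" || value ~ /^encrypted:/) next
      # Heuristic (assumption): secret-sounding name, or URL with user:password@
      if (name ~ /(SECRET|TOKEN|PASSWORD|PASSWD|CREDENTIAL|KEY)/ ||
          value ~ "://[^/@:]+:[^/@]+@")
        print name
    }
  ' "$1"
}

# Succeeds only when nothing secret-looking is left in plaintext.
dotenv_is_clean() {
  [ -z "$(audit_dotenv "$1")" ]
}

# Constructed sample: a half-migrated file with two values still in plaintext.
sample=$(mktemp)
cat > "$sample" <<'EOF'
DOTENV_PUBLIC_KEY="BP9x..."
APP_ENV=development
PUBLIC_SITE_URL=https://billing.example
STRIPE_SECRET_KEY="encrypted:BO/8An..."
OPENAI_API_KEY=sk-proj-constructed-example
DATABASE_URL=postgres://billing:constructed@db.internal/app
EOF
audit_dotenv "$sample"
dotenv_is_clean "$sample" || echo "plaintext secrets remain in $sample"
rm -f "$sample"
```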

03 · MONITOR

Not a one-time scan. Ongoing detection.

Homebrew, npm, pip, curl: keep using all of it. We’ll flag risky changes.

Keep installing with Homebrew, npm, pip, and curl one-liners. Automic Vault watches for new hazards in the tools and local config that agents can reach.

  • Multi-source packages. Install and harden tools from Homebrew, npm, and PyPI, with curl-style installer tracing in the same workflow.
  • Touch ID installs. Approve privileged installs and updates without leaving the terminal.
  • Auto updates. Keep the app and hardened package rules current in the background.
  • GUI search and discovery. Browse packages, homepages, versions, hazards, and security notes.
  • Notifications. Know when new vulnerabilities or exposed secrets appear.
Automic Vault app showing a plaintext credential hazard beside a package homepage

Built by Max Howell

Homebrew made installing tools normal. Automic Vault adds the local boundary.

Max Howell created Homebrew. Automic Vault comes from the same operating reality: developers install a lot of tools, those tools hold real authority, and the endpoint needs a boundary before agents or compromised packages can turn local secrets into access.

Hira @Hiraweb3

we needed this yesterday but i'll take it now

Free and open source

Free, open source local security for agent toolchains.
