Hermes Vault: credential broker layer

v0.10.1 • local first • zero-trust broker

Zero-Trust credential brokering for Hermes Agent operators.

An encrypted local database, per-agent access policies, ephemeral environment injection, and unattended OAuth refresh. Keep plaintext API keys off your disk and out of autonomous agent contexts.

  • Local-first SQLite Vault
  • Per-Agent Policy Doctor
  • Ephemeral Env Injection
  • Device-Code OAuth Login
Current Release: 0.10.1. Adds explicit OAuth device-code login for headless terminal sessions.

Storage Engine: SQLite + PBKDF2. Credentials stay local and encrypted under your master passphrase.

Local State Path: ~/.hermes/vault-data. Redirection is supported via the HERMES_VAULT_HOME variable.
[Figure: Hermes Vault graphic with a terminal mockup of the secrets list; overlay labels "Obsidian Vault", "Zero-trust control", "Local-first scan"]

Interactive Sandboxes

Test the broker lifecycle in real time.

See how Hermes Vault scans plaintext configurations, imports credentials securely, and grants transient access to agents using Model Context Protocol (MCP) tool lifecycles.

Hacker Scan & Redaction Simulator

project-directory/.env (source file):

# Local Environment Variables
DATABASE_URL=postgresql://localhost:5432/main
OPENAI_API_KEY="sk-proj-4a92c88f11d279bc3e8..."
GITHUB_TOKEN="ghp_98a7bc72ef81a4b1239c..."
PORT=4175

local-hermes-vault (SQLite DB): the vault is locked and empty until a scan is run.
Model Context Protocol (MCP) Tool Lifecycle

Stage 01, Agent Tool Call: the autonomous agent requests environment variables via the get_ephemeral_env tool.

Stage 02, Policy Check: the vault verifies the calling agent ID against the permissions in policy.yaml.

Stage 03, Transient Injection: the key is materialized in the agent environment only for a TTL-bounded duration.

What it does

A secure boundary between credentials and agent contexts.

Hermes Vault keeps credentials in a central, local database, checking caller policy and providing temporary keys only when needed. Agents can interact programmatically using standard MCP tools.

01. Local SQLite encryption

Credentials live locally and are encrypted with AES-256-GCM. The salt stays beside the vault, and the vault fails closed on a mismatch.

02. Least-Privilege Policy

The policy doctor command checks policy.yaml rules for agent capabilities, policy drift, and wildcard credential access.

03. Ephemeral environments

Brokers transient injection of keys into environment variables, bounded by a strict time-to-live (TTL) countdown.

04. Unattended OAuth engine

Automatically rotates and refreshes OAuth tokens using stored refresh tokens, without triggering a browser redirection.

05. MCP Server protocol

Exposes tools such as verify_credential and get_ephemeral_env to Claude Desktop, Cursor, and other LLM hosts.

06. Local console dashboard

The dashboard command serves a secure browser layout from packaged assets, keeping secret payloads out of the DOM.

Reality check

Local security is local security.

No cloud sync. No central server audits. Destructive vault actions, raw key updates, and policy edits are locked to the local CLI, keeping browser dashboards strictly read-only and metadata-focused.

Multi-profile isolation

Keeps the vault database and policy configuration fully separate per profile, selected with the --profile argument.

Token-guarded console

The console dashboard binds to 127.0.0.1 and generates a process-local token required for all API calls.

Recovery drills

Verify backup age, validate backups, and run non-mutating restore drills using the backup-verify utility.

Console Dashboard

Visual visibility without secret exposure.

The local dashboard (introduced in v0.8.0) renders health statistics, inventories, policies, and audits on localhost, keeping raw key payloads fully redacted.

Operator installation

Safe installations, editable development setups.

Hermes Vault requires Python 3.11+. The safest production path is via isolated tool managers.

Production Install
uv tool install git+https://github.com/asimons81/hermes-vault.git
hermes-vault scan --path ~/.hermes
hermes-vault import --from-env .env

Installation Scope

uv tool install places the CLI in an isolated tool environment. Run a scan straight afterwards to flag plaintext secrets.

Imports

The environment importer picks up secret-looking variables automatically (e.g. *_API_KEY) and skips public configuration values.

Release & status history

Proven CLI commands and production releases.

Hermes Vault has an active release trail. The local changelog tracks security fixes, command line updates, and dashboard improvements.

v0.10.0

Unattended OAuth auto-refresh engines and generic custom verifiers.

v0.9.0

Multi-vault profile support, file-based verifier plugins, tags and notes.

v0.8.0

Hermes Vault Console local browser dashboard with safe action boundaries.

v0.7.0

Policy doctor auditing tool, backup-verify drills, and systemd integration helpers.