asimons81

asimons81 / hermes-vault

Public

Hermes-native local-first credential broker, scanner, and encrypted vault.

53
1
100% credibility
Found Apr 20, 2026 at 53 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Python
AI Summary

Hermes Vault is a local secure storage tool for managing AI agent credentials by scanning files for exposed secrets, encrypting them in a vault, enforcing access rules per agent, verifying validity, and generating usage instructions.

How It Works

1
🔍 Discover Hermes Vault

You hear about Hermes Vault while worrying about passwords for your AI helpers scattered in files.

2
🛠️ Set it up

You easily get it running on your computer by picking a strong personal password to protect everything.

3
🕵️ Scan your files

You tell it to check your folders for any passwords left out in the open.

4
⚠️ Spot the risks

It shows you a clear list of where passwords are hiding unsafely, so you know exactly what to fix.

5
💾 Store safely

You move those passwords into the secure vault where they're locked away tight.

6
📋 Set house rules

You decide which AI helper can use which passwords and for how long.

7
Check and share

You test if passwords still work and let helpers borrow them temporarily when needed.

🎉 All secure

Now your AI helpers stay productive without any password leaks, and you feel in control.

Sign up to see the full architecture

6 more

Sign Up Free

Star Growth

See how this repo grew from 53 to 53 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is hermes-vault?

Hermes-vault is a Python CLI tool that acts as a hermes-native, local-first credential broker, scanner, and encrypted vault for Hermes agents. It scans your Hermes files for plaintext secrets, duplicates, and insecure permissions, then imports and encrypts them into a local SQLite database protected by a passphrase-derived key. Developers get secure credential storage, policy-enforced access brokering via ephemeral env vars, pre-use verification against providers like OpenAI and GitHub, and auto-generated skill contracts to keep agents from hoarding secrets.

Why is it gaining traction?

It stands out by enforcing strict policies per agent—limiting TTLs, blocking raw secret dumps, and requiring verification before re-auth claims—preventing the usual credential leaks in AI workflows. The scanner catches essence vault hermes dupes and hermes vault challenges early, while broker commands like `hermes-vault broker env openai --agent dwight` deliver short-lived envs without exposing keys. No cloud dependency means full control, with backups and restores for easy migration.

Who should use this?

Hermes agent runners managing API keys for OpenAI, Anthropic, or GitHub in local setups. Solo devs or small teams handling multi-agent credential sprawl, especially those tired of env file hunting and unverified re-auth loops. Ideal for anyone auditing plaintext secrets in `~/.hermes` before they hit logs or agent memory.

Verdict

Try it if you're deep in Hermes—solid CLI, thoughtful policy YAML, and verifier make it practical for daily use despite 48 stars and 1.0% credibility score signaling early maturity. Polish tests and add more verifiers to hit production readiness.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.