Phantom Vault

Secrets exist but are never observable.

Your AI coding assistant can read your .env files. Every API key, every database password โ€” visible, loggable, leakable. Phantom Vault makes it so your AI can use your secrets without ever seeing them.

Install (Mac & Linux)
curl -fsSL https://phantomvault.riscent.com/install | sh

๐Ÿ” Hardware-Backed Encryption

Master key lives in Apple Secure Enclave or TPM. No password file exists anywhere.

๐Ÿ›ก๏ธ Oracle Attack Prevention

Commands are analyzed before execution. Character-by-character probing is blocked.

๐Ÿ” Multi-Encoding Sanitization

Output scanned for secrets in 15+ encodings. Base64, hex, URL-encoded โ€” all caught.

๐Ÿ“ฆ Process Sandboxing

Commands run in network-restricted subprocesses. Secrets die when the process dies.

๐Ÿชค Canary Detection

Honeypot secrets detect exfiltration attempts. Get alerted the moment something probes.

๐Ÿ”— Claude Code + MCP

One command to connect. Your AI agent gets 6 tools โ€” none return plaintext secrets.