Vault Manager

Vault Manager

The Elemm Vault provides a secure, centralized visual interface to manage all your API keys and authentication tokens. The interface stays synced with ~/.elemm/vault.json in real-time.

Core Capabilities

1. Automatic Hostname Injection

For standard REST and GraphQL endpoints, credentials are automatically injected into outgoing HTTP requests based on the target hostname (e.g., api.weatherapi.com). You can specify the exact injection method:

• Auth Type: Select from API Key, Bearer Token, or Basic Auth.
• Location: Define whether the key should be injected into the URL Query or the HTTP Header.
• Parameter Name: Specify the exact key name required by the API (e.g., key, Authorization, x-api-key).

2. Secure MCP Server Referencing

For local MCP servers, hardcoding environment variables or API keys in configuration files is a security risk. The Vault allows you to store these secrets safely.

You can define an Auth Type of Environment Variable (MCP) and then securely reference it inside your MCP Server configurations using the special vault:KEY_NAME syntax.

For example, a credential named IMPORTED_SQLITE-SERVER_SQLITE_API_KEY can be injected seamlessly into an MCP sandbox environment without exposing the raw secret.

3. Security & UI Masking

• Visual Masking: All credential values are obfuscated by default in the UI to prevent shoulder-surfing. You can click the eye icon to temporarily reveal a specific secret.
• DLP Integration: The Elemm Guardian (Data Loss Prevention) automatically scrubs these known secrets from any API responses before they are handed back to the AI agent, ensuring tokens never leak into the LLM context.