-
Notifications
You must be signed in to change notification settings - Fork 7
Vault
Manolis Tzanidakis edited this page Mar 15, 2026
·
1 revision
Praktor includes an encrypted vault for API keys, tokens, SSH keys, and service account files. Secrets are encrypted at rest with AES-256-GCM (Argon2id key derivation) and injected into containers at start time — never passed through the LLM.
praktor vault set github-token --value "ghp_xxx" --description "GitHub PAT"
praktor vault set ssh-key --file ~/.ssh/id_rsa --description "Deploy key"
praktor vault list
praktor vault get github-token
praktor vault assign github-token --agent coder
praktor vault global github-token --enable
praktor vault delete github-tokenSecrets can also be managed from the Secrets page in Mission Control.
Reference secrets with secret:name syntax in env values or files:
agents:
coder:
env:
GITHUB_TOKEN: "secret:github-token" # Injected as env var
files:
- secret: gcp-service-account # Injected as file
target: /etc/gcp/sa.json
mode: "0600"Getting Started
Configuration
Features
Extensions
Operations