Secure credential management for AI agents — encrypted storage, auto-refresh, and rate limiting via a single MCP call. Supports OpenAI, Anthropic, Stripe, GitHub, Brave Search, Kalshi, Coinbase, plus generic API key and OAuth2 for any service.
Overview
Clavis provides credential infrastructure for autonomous AI agents. Instead of storing API keys in environment variables or config files, agents retrieve encrypted, auto-refreshed tokens through a single MCP tool call.
Features
- AES-128-CBC + HMAC-SHA256 encryption at rest
- Auto OAuth token refresh — proactive 5 min before expiry with exponential backoff
- Redis-backed distributed rate limiting shared across all agents
- Full audit logging — every credential access timestamped
- Dry-run credential check without external API calls
- JWT revocation support
Supported Services
OpenAI, Anthropic, Stripe, GitHub, Brave Search, Kalshi, Coinbase, plus generic API key and OAuth2 for any service.
Links
- Website: https://clavisagent.com
- npm: @clavisagent/mcp-server
- Docs: https://clavisagent.com/docs/mcp.html
Server Config
{
"mcpServers": {
"clavis": {
"command": "npx",
"args": [
"-y",
"@clavisagent/mcp-server"
],
"env": {
"CLAVIS_API_KEY": "<YOUR_API_KEY>",
"CLAVIS_BASE_URL": "https://clavisagent.com"
}
}
}
}