a2a-vault

Zero-knowledge secrets management via PassBox — store, retrieve, rotate, and inject credentials securely.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "a2a-vault" with this command: npx skills add Paparusi/a2a-vault

A2A Vault (PassBox)

Zero-knowledge secrets management. Store API keys, tokens, and credentials with client-side encryption. The server never sees plaintext values.

Quick Start

Store a secret:

Use passbox_set_secret with vault "my-project", key "API_KEY", value "sk-abc123"

Retrieve a secret:

Use passbox_get_secret with vault "my-project", key "API_KEY"

Available Tools

Secret Operations

ToolDescription
passbox_get_secretRetrieve and decrypt a secret
passbox_set_secretCreate or update a secret (encrypted before upload)
passbox_list_secretsList secret names (values not returned)
passbox_delete_secretDelete a secret
passbox_rotate_secretTrigger manual secret rotation

Vault Management

ToolDescription
passbox_list_vaultsList all available vaults
passbox_list_environmentsList environments (dev, staging, prod)
passbox_get_environmentGet all secrets in an environment

.env Integration

ToolDescription
passbox_diff_envCompare local .env with vault secrets
passbox_import_envImport .env file into vault

Workflows

Set up project credentials

  1. passbox_list_vaults — see existing vaults
  2. passbox_set_secret — store each credential
  3. passbox_list_secrets — verify all keys are stored

Sync .env with vault

  1. Read your local .env file
  2. passbox_diff_env — see what's different
  3. passbox_import_env — push local secrets to vault

Environment promotion

  1. passbox_get_environment for "dev"
  2. Review values
  3. passbox_set_secret for each key in "staging"

Credential injection

Use with a2a_secure_execute to automatically inject secrets:

Use a2a_secure_execute with toolId "my-api-tool" and input { "apiKey": "{{API_KEY}}" }, vault "my-project"

The {{API_KEY}} placeholder is resolved from PassBox before execution.

Security Model

  • Client-side encryption: Values are encrypted before leaving your device
  • Zero-knowledge: The server stores only ciphertext
  • Environment isolation: dev/staging/prod secrets are fully separated
  • Audit trail: All access is logged
  • Secret rotation: Built-in rotation support with webhooks

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Supabase Vault

Replace OpenClaw's local file vault with Supabase Vault for AES-256 encrypted-at-rest secret storage. All API keys and auth tokens stored encrypted in Postgr...

Registry SourceRecently Updated
0138
Profile unavailable
Security

Mema Vault

Secure credential manager using AES-256 (Fernet) encryption. Stores, retrieves, and rotates secrets using a mandatory Master Key. Use for managing API keys,...

Registry SourceRecently Updated
0502
Profile unavailable
Security

Privacy Mask

Mask and redact sensitive information (PII) in screenshots and images — phone numbers, emails, IDs, API keys, crypto wallets, credit cards, passwords, and mo...

Registry SourceRecently Updated
1117
Profile unavailable