mema-vault
Secure credential manager using AES-256 (Fernet) encryption. Stores, retrieves, and rotates secrets using a mandatory Master Key. Use for managing API keys, database credentials, and other sensitive tokens.
About this skill
Mema Vault is a command-line utility designed to securely manage sensitive digital credentials. It leverages robust AES-256 (Fernet) encryption to store, retrieve, and rotate secrets such as API keys, database credentials, and other tokens. All operations are safeguarded by a mandatory Master Key, which must be provided as an environment variable, ensuring that secrets are never stored in plaintext on disk. It enables AI agents or developers to programmatically interact with a secure vault to store new credentials, fetch existing ones for use in applications, or list all managed secrets. The design emphasizes security, with secrets masked in standard outputs by default and raw access requiring explicit flags. This skill is crucial for maintaining security best practices when AI agents or automated systems need to handle confidential information. By centralizing secret management and enforcing strong encryption and a Master Key, it helps prevent unauthorized access and reduces the risk of exposing sensitive data in logs or temporary files.
Best use case
The primary use case is the secure storage and retrieval of sensitive credentials within an automated or AI agent workflow. Developers, system administrators, and AI agents needing to access API keys, database login details, or other tokens for tasks can use Mema Vault to manage these secrets without embedding them directly in code or configuration files. This benefits anyone requiring a robust solution for secret management in environments where security and data protection are paramount.
Secure credential manager using AES-256 (Fernet) encryption. Stores, retrieves, and rotates secrets using a mandatory Master Key. Use for managing API keys, database credentials, and other sensitive tokens.
Users can securely store, retrieve, and list encrypted credentials, ensuring sensitive information is protected and accessible only with the correct Master Key.
Practical example
Example input
Store a new API key for the 'Stripe' service under user 'admin' with the password 'my_secure_stripe_key_123'. Then, retrieve the password for the 'Stripe' service.
Example output
Secret for Stripe (admin) stored successfully. Stripe (admin) password: ********
When to use this skill
- When an AI agent needs to access API keys or database credentials securely.
- To encrypt and store sensitive application tokens and passwords.
- For automating the rotation of credentials without hardcoding them.
- When adhering to security best practices requiring a master key for secret access.
When not to use this skill
- For managing non-sensitive configuration data.
- As a full-fledged enterprise-grade secret management system (e.g., HashiCorp Vault) for large-scale deployments.
- When a simple, unencrypted temporary variable is sufficient.
- If you cannot securely manage the `MEMA_VAULT_MASTER_KEY` environment variable.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/mema-vault/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How mema-vault Compares
| Feature / Agent | mema-vault | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | easy | N/A |
Frequently Asked Questions
What does this skill do?
Secure credential manager using AES-256 (Fernet) encryption. Stores, retrieves, and rotates secrets using a mandatory Master Key. Use for managing API keys, database credentials, and other sensitive tokens.
How difficult is it to install?
The installation complexity is rated as easy. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
SKILL.md Source
# Mema Vault ## Prerequisites - **Master Key**: Must be set as an environment variable `MEMA_VAULT_MASTER_KEY`. - **Dependencies**: Requires `cryptography` Python package. ## Core Workflows ### 1. Store a Secret Encrypt and save a new credential. - **Usage**: `python3 $WORKSPACE/skills/mema-vault/scripts/vault.py set <service> <user> <password> [--meta "info"]` ### 2. Retrieve a Secret Fetch a credential. By default, the password is masked in output. - **Usage**: `python3 $WORKSPACE/skills/mema-vault/scripts/vault.py get <service>` - **Show Raw**: Use `--show` flag only when required for secure injection. ### 3. List Credentials - **Usage**: `python3 $WORKSPACE/skills/mema-vault/scripts/vault.py list` ## Security Standards - **Encryption**: AES-256 CBC via PBKDF2HMAC (480,000 iterations). - **Masking**: Secrets are masked in standard logs/output unless explicitly requested. - **Isolation**: The Master Key should never be stored in plaintext on disk.
Related Skills
tokamak-vault-breach
Participate in the Tokamak Network Vault Breach Challenge - an AI security Capture The Flag (CTF) game where you interact with a secured AI agent to extract secret information. Use this skill when the user mentions Tokamak, vault hacking, CTF challenges, AI security testing, prompt injection, social engineering AI agents, or wants to participate in blockchain/security challenges.
HIPAA Compliance for AI Agents
Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare organizations deploying AI agents.
Data Governance Framework
Assess, score, and remediate your organization's data governance posture across 6 domains.
Cybersecurity Risk Assessment
You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.
afrexai-cybersecurity-engine
Complete cybersecurity assessment, threat modeling, and hardening system. Use when conducting security audits, threat modeling, penetration testing, incident response, or building security programs from scratch. Works with any stack — zero external dependencies.
Compliance & Audit Readiness Engine
Your AI compliance officer. Guides startups and scale-ups through SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS — from zero to audit-ready. No consultants needed.
Compliance Audit Generator
Run internal compliance audits against major frameworks without hiring a consultant.
AI Safety Audit
Comprehensive AI safety and alignment audit framework for businesses deploying AI agents. Built around the UK AI Security Institute Alignment Project standards (2026), EU AI Act requirements, and NIST AI RMF.
clickhouse-github-forensics
Query GitHub event data via ClickHouse for supply chain investigations, actor profiling, and anomaly detection. Use when investigating GitHub-based attacks, tracking repository activity, analyzing actor behavior patterns, detecting tag/release tampering, or reconstructing incident timelines from public GitHub data. Triggers on GitHub supply chain attacks, repo compromise investigations, actor attribution, tag poisoning, or "query github events".
security-guardian
Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides structured reports to help maintain a clean and secure codebase.
guardian-wall
Mitigate prompt injection attacks, especially indirect ones from external web content or files. Use this skill when processing untrusted text from the internet, user-uploaded files, or any external source to sanitize content and detect malicious instructions (e.g., "ignore previous instructions", "system override").
SX-security-audit
全方位安全审计技能。检查文件权限、环境变量、依赖漏洞、配置文件、网络端口、Git 安全、Shell 安全、macOS 安全、密钥检测等。支持 CLI 参数、JSON 输出、配置文件。当用户要求"安全检查"、"漏洞扫描"、"权限检查"、"安全审计"时使用此技能。