Zero to vaulted.
Ten minutes flat.
Grab a key, install an SDK, make three calls. This page is the whole path - from empty project to encrypted records your app can compute on without ever seeing plaintext.
- API v1
- @vaulty/sdk 1.x
- MCP 1.x
1. Get an API key
Every request to Vaulty is authenticated with a project API key. Getting one takes about a minute:
- Create an account atconsole.vaulty.xyz - free, no card required.
- Create a project. Every project gets its own isolated, HSM-backed keys, born inside FIPS 140-2 hardware.
- Copy your
vk_test_…key and export it where your code can reach it:
# Copy the key from Console → your project → API keys
export VAULTY_API_KEY=vk_test_xxxTest vs. live: vk_test_… keys write to an isolated sandbox vault and are free forever. vk_live_… keys encrypt production data - same API, real records. Both are secrets: keep them server-side or in your agent's MCP environment, never in client code.
2. Install an SDK
Official SDKs for Node.js and Python, with more on the way. Or skip the SDK entirely - every call maps 1:1 to plain REST.
npm i @vaulty/sdkpip install vaulty# No SDK required - the whole API is plain REST.
# Base URL: https://api.vaulty.xyz/v1
# Auth: Authorization: Bearer $VAULTY_API_KEY
# All five endpoints are in the API overview below.3. Store, compute, retrieve
Three calls cover almost everything you'll do with Vaulty. Store plaintext once, hold a reference forever, and let secure enclaves do the reading.
Store - plaintext in, reference out
import { Vaulty } from '@vaulty/sdk';
const vault = new Vaulty(process.env.VAULTY_API_KEY);
// Plaintext goes in exactly once - encrypted with AES-256-GCM
// on arrival, under keys that never leave FIPS 140-2 HSMs
const ref = await vault.store({
user: 'usr_8f3a2c',
data: { email: 'amelia@example.com', ssn: '514-22-9048' },
policy: { unlock: 'user-auth' },
});
console.log(ref); // 'ref_9f27ac31'store() returns a reference - an opaque token likeref_9f27ac31. Save the ref in your database instead of the data. Refs are safe to log, index, and hand to AI agents; they decrypt nothing on their own.
Compute - answers without exposure
// Operate on encrypted data inside a secure enclave -
// your app gets answers, never the underlying values
const last4 = await vault.compute(ref, 'mask:last4', { field: 'ssn' });
// => '•••-••-9048'
const check = await vault.compute(ref, 'validate:ssn', { field: 'ssn' });
// => { valid: true }compute() runs masking, validation, search, and tokenization inside secure enclaves (AWS Nitro Enclaves). The record is decrypted only within enclave memory - the host OS, your app, and Vaulty's own operators see nothing but ciphertext.
Retrieve - the only path to plaintext
// The ONLY path back to plaintext - and policy guards it.
// This record was stored with { unlock: 'user-auth' }, so
// decryption requires a fresh assertion from the end user:
// a passkey, biometric, MFA, or email/SMS code.
const record = await vault.retrieve(ref, {
authContext: assertion, // from your end-user auth flow
});retrieve() is deliberately the hardest call to make. It only succeeds if the record's policy allows it - and when the policy binds decryption to the end user, no auth context means no plaintext. Not for you, not for your admins, not for Vaulty.
The same store call, raw REST
curl https://api.vaulty.xyz/v1/records \
-H "Authorization: Bearer $VAULTY_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"user": "usr_8f3a2c",
"data": { "email": "amelia@example.com", "ssn": "514-22-9048" },
"policy": { "unlock": "user-auth" }
}'
# => { "ref": "ref_9f27ac31" }4. Give your AI agent access
Agents shouldn't carry secrets in their context windows. Add the Vaulty MCP server and your agent gets vault_store, vault_retrieve,vault_compute, vault_grant, and vault_auditas native tools - passing refs instead of raw values.
{
"mcpServers": {
"vaulty": {
"command": "npx",
"args": ["-y", "@vaulty/mcp"],
"env": { "VAULTY_API_KEY": "vk_test_..." }
}
}
}Remote host? Connect via Streamable HTTP at https://mcp.vaulty.xyz. Tool schemas, agent policy patterns, and the full walkthrough live in theMCP reference.
API overview
Every endpoint lives under https://api.vaulty.xyz/v1 and authenticates with Authorization: Bearer $VAULTY_API_KEY. Five endpoints cover the entire surface:
| Endpoint | Purpose | Returns |
|---|---|---|
POST /records | Encrypt and store sensitive data | A reference (ref_…) |
GET /records/:ref | Retrieve plaintext - requires a user auth context when the policy is user-bound | The decrypted record |
POST /compute | Run an enclave operation (mask, validate, search, tokenize) on a ref | The operation result only |
POST /grants | Delegate scoped, expiring access to a service, teammate, or agent | A grant id and expiry |
GET /audit | Query the access history for a project or a single ref | Immutable audit events |
Concepts
Six words that appear everywhere in these docs.
- Record
- An encrypted object in the vault. Sealed with AES-256-GCM the moment it arrives; Vaulty never stores plaintext.
- Reference (ref)
- The opaque token (like
ref_9f27ac31) returned when you store a record. It replaces the data in your systems and is safe to log, index, and share with agents. - Policy
- Rules attached to a record at store time: who may decrypt, which compute operations are allowed, and when access expires.
- Grant
- A scoped, time-boxed delegation of access to a record or operation - for a service, a teammate, or an AI agent. Revocable at any time.
- Enclave operation
- A computation - mask, validate, search, tokenize, transform - executed on encrypted data inside a secure enclave. Results come out; plaintext never does.
- User-bound key
- An encryption key tied to end-user authentication: passkey, biometrics, MFA, or email/SMS code. Without the user, nobody decrypts - not the developer, not admins, not Vaulty.
Error codes
Errors come back as JSON with a stable code field. The four you'll actually see:
| Status | Code | Meaning |
|---|---|---|
| 401 | invalid_api_key | The key is missing, malformed, or revoked. Check$VAULTY_API_KEY - and whether you meant test or live. |
| 403 | policy_denied | The record's policy refused the operation - usually a missing user auth context or an expired grant. |
| 404 | unknown_ref | No record matches that reference in this project. Refs don't cross projects. |
| 429 | rate_limited | Too many requests. Back off and retry - limits scale withyour plan. |
Ready to vault something real?
Test keys are free, sandboxed, and take about a minute. Swap in a live key when you're ready for production.
AI agent? Connect our MCP server: npx -y @vaulty/mcp - see vaulty.xyz/mcp