Back to Details

agent-id-vault

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Alien Agent ID — Vault

Alien Agent ID — Vault

Encrypted storage for external-service credentials. The encryption key is derived from the agent's main private key via HKDF-SHA256, so credentials are only readable on the same machine as the bound agent. Encryption is AES-256-GCM with a fresh IV per write.
Requires that 
agent-id-setup bootstrap
has already produced a keypair under 
${AGENT_ID_STATE_DIR:-$HOME/.agent-id}
.
外部服务凭证的加密存储。加密密钥通过HKDF-SHA256从Agent的主私钥派生而来,因此仅在绑定Agent的同一台机器上才能读取凭证。加密采用AES-256-GCM算法,每次写入都会使用新的IV。
要求
agent-id-setup bootstrap
已在
${AGENT_ID_STATE_DIR:-$HOME/.agent-id}
下生成密钥对。

Resolve the CLI

解析CLI

bin/cli.mjs
lives in this plugin's directory. Substitute 
CLI
with the absolute path (e.g. 
node /abs/path/to/plugins/agent-id-vault/bin/cli.mjs
) in the examples below.
bin/cli.mjs
位于此插件的目录中。在以下示例中,请将
CLI
替换为绝对路径(例如
node /abs/path/to/plugins/agent-id-vault/bin/cli.mjs
)。

Store a credential

存储凭证

bash
undefined
bash
undefined

Most secure — never appears in argv or shell history:

最安全的方式——不会出现在argv或Shell历史记录中:

node CLI store --service github --credential-file /tmp/gh-token
node CLI store --service github --credential-file /tmp/gh-token

From an environment variable (typed/pasted into the calling shell):

从环境变量读取(在调用Shell中输入/粘贴):

GH_TOKEN=ghp_... node CLI store --service github --credential-env GH_TOKEN
GH_TOKEN=ghp_... node CLI store --service github --credential-env GH_TOKEN

Piped via stdin:

通过标准输入管道传输:

echo "$GH_TOKEN" | node CLI store --service github
echo "$GH_TOKEN" | node CLI store --service github

Fallback — visible in process list and shell history, avoid:

备选方案——会出现在进程列表和Shell历史记录中,建议避免:

node CLI store --service github --credential "ghp_..."

Optional flags: `--type api-key|oauth|...`, `--url <hint>`, `--username <hint>`.

Never accept a secret pasted into chat. Transcripts persist. Use a file or env var as the transport.
node CLI store --service github --credential "ghp_..."

可选参数:`--type api-key|oauth|...`、`--url <提示信息>`、`--username <提示信息>`。

切勿接受在聊天中粘贴的密钥,聊天记录会被持久化。请使用文件或环境变量作为传输方式。

Retrieve a credential

检索凭证

bash
node CLI get --service github
Returns JSON 
{ ok, service, type, credential, url, username }
. Pipe 
.credential
into the calling tool:
bash
GH_TOKEN=$(node CLI get --service github | jq -r .credential)
curl -H "Authorization: Bearer $GH_TOKEN" https://api.github.com/user
bash
node CLI get --service github
返回JSON格式的结果
{ ok, service, type, credential, url, username }
。可将
.credential
内容管道传输至调用工具:
bash
GH_TOKEN=$(node CLI get --service github | jq -r .credential)
curl -H "Authorization: Bearer $GH_TOKEN" https://api.github.com/user

List or remove

列出或删除凭证

bash
node CLI list             # metadata only — never returns plaintext credentials
node CLI remove --service github
bash
node CLI list             # 仅返回元数据——绝不会返回明文凭证
node CLI remove --service github

Common flag

通用参数

--state-dir <path>
— defaults to 
$AGENT_ID_STATE_DIR
then 
~/.agent-id
.
--state-dir <路径>
—— 默认值为
$AGENT_ID_STATE_DIR
,若未设置则使用
~/.agent-id