Claude Code executes my code all day but it can’t see my secrets. They’re encrypted in my Mac’s Secure Enclave. Not in the cloud or in a .env file.
— Dave Blumenfeld (@dblumenfeld) March 11, 2026
Introducing keypo vault. Your Mac as a programmable password manager for your agents. Open source. https://t.co/2rgcjKxCsj
On Monday we showed how your Mac can replace an external wallet provider for your agent.
The same paradigm exists for password managers: products like 1Password store your secrets on their servers.
Cloud-based password managers can be clunky to set up with a lot of handholding.
Managing accounts, service tokens, sessions…all just to inject an env var.
The result is most people don’t bother. They just use .env files and hope for the best.
Keypo vault creates three local vaults with three policies: biometric (Touch ID), passcode (device password) and open (no ACL).
Encryption and decryption of your secrets happen inside your Mac’s Secure Enclave. Your agent can’t decrypt your secrets without your approval.
The key command is “vault exec”. It decrypts secrets and injects them as env variables into a child process. Your agent constructs the command, you approve with Touch ID or passcode, and the secrets exist only in the subprocess: your agent never sees your secret as plaintext.
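The launch pattern described in the thread (approve, decrypt, inject into a child process only), sketched as an added example that is not part of the original thread and not keypo's own code. The in-memory vault, the `approve` gate and the stdout scrubbing are assumptions standing in for Secure Enclave decryption and Touch ID or passcode approval.

```python
import os
import subprocess
import sys

# Constructed stand-in for a vault (name -> plaintext). The tool in the thread
# decrypts in the Secure Enclave instead; this dict is an assumption.
CONSTRUCTED_VAULT = {"DEMO_API_TOKEN": "tok_constructed_123"}


def approve(names):
    """Hypothetical approval gate standing in for Touch ID or passcode."""
    return True


def exec_with_secrets(argv, names, vault=CONSTRUCTED_VAULT, approver=approve):
    """Run argv with the named secrets set only in the child's environment.

    Returns (exit_code, stdout). Secret values are scrubbed from stdout because
    the caller (the agent) reads it; the scrubbing is an assumption added here.
    """
    if not approver(names):
        raise PermissionError("release of secrets was not approved")
    missing = [n for n in names if n not in vault]
    if missing:
        raise KeyError(f"not in vault: {missing}")
    child_env = dict(os.environ)  # copy, so the launcher's env is never mutated
    child_env.update({n: vault[n] for n in names})
    proc = subprocess.run(argv, env=child_env, capture_output=True, text=True)
    out = proc.stdout
    for n in names:
        out = out.replace(vault[n], f"[{n} redacted]")
    return proc.returncode, out


if __name__ == "__main__":
    # The child can use the secret; the launcher's own environment is unchanged.
    child = [sys.executable, "-c",
             "import os; print(len(os.environ['DEMO_API_TOKEN']))"]
    print(exec_with_secrets(child, ["DEMO_API_TOKEN"]))
    print("DEMO_API_TOKEN" in os.environ)
```

A child that echoes its environment would otherwise hand the value back to whoever reads its output, which is why the sketch scrubs stdout before returning it.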
