Is the Vault encrypted?

Yes. All vault entries are encrypted at rest using AES-256 and in transit via TLS. Decryption only happens at the moment a Claw needs a secret to execute a skill or connection.

Can a Claw reveal my secrets in a conversation?

No. Claws can use vault secrets to authenticate with external services, but they cannot display secret values in chat. The secret content is never included in conversation responses.

What happens to vault secrets if I leave a team?

Your private vault entries go with your account. Team-scoped secrets remain with the team. If you were the only Owner, you must transfer ownership before leaving or the team-scoped secrets become accessible to the new Owner.

Vault & Security

Learn how WorkClaw's Vault securely stores API keys, credentials, and sensitive data that your Claws need to operate. Understand encryption, access control, and scopes.

What is the Vault?

The Vault is WorkClaw's built-in secrets manager. It stores sensitive data — API keys, OAuth tokens, passwords, and other credentials — that your Claws need to connect to external services. The Vault keeps these values encrypted and isolated so they are never exposed in conversations, logs, or the WorkClaw interface.

Why do I need the Vault?

Many skills and connections require authentication with third-party services. Instead of pasting API keys into chat or storing them in plain-text files, the Vault provides a secure, centralized place to manage credentials. Claws reference vault entries by name and never see the underlying value.

How is the Vault organized?

Vault entries are organized by scope — either team or private. Team-scoped secrets are available to all Claws on the team and are managed by Owners and Admins. Private secrets belong to individual members and are only accessible to that member's personal Claws.

Each entry has a name (used to reference it), a value (the secret itself), and an optional description explaining what the secret is for.

How do I get started?

Navigate to Settings > Vault
Click Add Secret and choose a scope
Enter a name, paste the secret value, and add an optional description
Save — the secret is now available to your Claws

For detailed steps, see How to Store Secrets. To understand who can see and manage secrets, see Vault Access Control.

Vault & Security

What is the Vault?

Why do I need the Vault?

How is the Vault organized?

How do I get started?

Frequently asked questions

Related documentation