🚧 SanctumAI is in beta. APIs may change before v1.0.
Getting StartedQuickstart

Quickstart

Initialize your vault and store your first secrets.

Initialize Your Vault

Create an encrypted vault to store credentials:

sanctum init

You’ll be prompted to create a master password. This encrypts your vault’s master key β€” choose something strong.

πŸ” Creating new Sanctum vault...
   Location: ~/.sanctum/

Enter master password: ********
Confirm master password: ********

βœ… Vault initialized successfully.
   - Master key encrypted with AES-256-GCM
   - Audit log initialized with HMAC chain
   - Ready to store credentials

Note: What just happened? Sanctum created ~/.sanctum/ with an encrypted master key, empty credential store, and a tamper-evident audit log. Nothing is stored in plaintext β€” ever.

Store Your First Secret

Store an OpenAI API key:

sanctum store openai/api_key \
  --type api_key \
  --description "OpenAI production key"

Sanctum prompts for the value securely (it won’t echo to your terminal):

Enter secret value:
βœ… Stored 'openai/api_key'
   Type: api_key
   Encrypted: AES-256-GCM (unique DEK)

Store a few more:

sanctum store anthropic/api_key --type api_key --description "Anthropic API key"
sanctum store github/token --type api_key --description "GitHub PAT"

List & Retrieve

List everything in the vault:

sanctum list
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ Name                β”‚ Type     β”‚ Description              β”‚ Created             β”‚
β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚ openai/api_key      β”‚ api_key  β”‚ OpenAI production key    β”‚ 2026-02-10 23:15:00 β”‚
β”‚ anthropic/api_key   β”‚ api_key  β”‚ Anthropic API key        β”‚ 2026-02-10 23:15:30 β”‚
β”‚ github/token        β”‚ api_key  β”‚ GitHub PAT               β”‚ 2026-02-10 23:16:00 β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Retrieve a secret:

sanctum get openai/api_key
sk-proj-abc123...

Note: sanctum get outputs the raw value to stdout. Use this for verification or piping. Your AI agents should access secrets through the MCP server instead β€” it enforces policies and creates audit entries.

Next Step

β†’ Your First Credential: Register an agent and set policies

InstallationYour First Credential