Mema Vault

Secure credential manager using AES-256 (Fernet) encryption. Stores, retrieves, and rotates secrets using a mandatory Master Key. Use for managing API keys, database credentials, and other sensitive tokens.

Audits

Pass

ClawScanReview

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install mema-vault

Mema Vault

Prerequisites

Master Key: Must be set as an environment variable MEMA_VAULT_MASTER_KEY.
Dependencies: Requires cryptography Python package.

Core Workflows

1. Store a Secret

Encrypt and save a new credential.

Usage: python3 $WORKSPACE/skills/mema-vault/scripts/vault.py set <service> <user> <password> [--meta "info"]

2. Retrieve a Secret

Fetch a credential. By default, the password is masked in output.

Usage: python3 $WORKSPACE/skills/mema-vault/scripts/vault.py get <service>
Show Raw: Use --show flag only when required for secure injection.

3. List Credentials

Usage: python3 $WORKSPACE/skills/mema-vault/scripts/vault.py list

Security Standards

Encryption: AES-256 CBC via PBKDF2HMAC (480,000 iterations).
Masking: Secrets are masked in standard logs/output unless explicitly requested.
Isolation: The Master Key should never be stored in plaintext on disk.