Python implementation of Agent Vault Protocol
Standard conformance · Async support · Type hints
avp-py is the official Python implementation of the Agent Vault Protocol (AVP). It provides a simple, Pythonic interface for secure credential management in AI agent systems.
- Standard AVP Conformance — All 7 core operations
- Multiple Backends — File, Keychain, Remote (Hardware via USB bridge)
- Async Support — Both sync and async APIs
- Type Hints — Full typing for IDE support
- Framework Integrations — LangChain, CrewAI, AutoGen ready
pip install avp-sdkWith optional backends:
pip install avp-sdk[keychain] # OS keychain support
pip install avp-sdk[remote] # Remote vault support (requests)
pip install avp-sdk[all] # All optional dependenciesimport avp
# Create vault instance
vault = avp.Vault("avp.toml")
# Authenticate
vault.authenticate()
# Store a secret
vault.store("anthropic_api_key", "sk-ant-...")
# Retrieve a secret
api_key = vault.retrieve("anthropic_api_key")
# Use with context manager (auto-cleanup)
with avp.Vault("avp.toml") as vault:
api_key = vault.retrieve("anthropic_api_key")import asyncio
import avp
async def main():
async with avp.AsyncVault("avp.toml") as vault:
await vault.authenticate()
api_key = await vault.retrieve("anthropic_api_key")
print(f"Retrieved key: {api_key[:10]}...")
asyncio.run(main())import avp
# File backend (encrypted)
vault = avp.Vault(backend=avp.FileBackend(
path="~/.avp/secrets.enc",
cipher="chacha20-poly1305"
))
# OS Keychain
vault = avp.Vault(backend=avp.KeychainBackend())
# Remote vault
vault = avp.Vault(backend=avp.RemoteBackend(
url="https://vault.company.com",
token="hvs.xxx"
))import avp
# Migrate from file to keychain
avp.migrate(
source=avp.FileBackend(path="~/.avp/secrets.enc"),
target=avp.KeychainBackend()
)from langchain_avp import AVPSecretManager
# Use AVP as LangChain's secret manager
secret_manager = AVPSecretManager("avp.toml")
llm = ChatAnthropic(api_key=secret_manager.get("anthropic_api_key"))from crewai_avp import AVPCredentialStore
# Use AVP as CrewAI's credential store
credentials = AVPCredentialStore("avp.toml")
agent = Agent(credentials=credentials)Replace insecure .env files:
import avp
# Before: insecure .env file
# ANTHROPIC_API_KEY=sk-ant-...
# After: secure AVP vault
vault = avp.Vault("avp.toml")
os.environ["ANTHROPIC_API_KEY"] = vault.retrieve("anthropic_api_key")Or use the AVP environment loader:
import avp
# Load all secrets into environment
avp.load_env("avp.toml", [
"anthropic_api_key",
"openai_api_key",
"github_token"
])| Method | Description |
|---|---|
discover() |
Query vault capabilities |
authenticate(**kwargs) |
Establish session |
store(name, value, **kwargs) |
Store a secret |
retrieve(name) |
Retrieve a secret |
delete(name) |
Delete a secret |
list(**filters) |
List secrets |
rotate(name, strategy) |
Rotate a secret |
| Level | Status |
|---|---|
| AVP Core | ✅ Complete |
| AVP Full | ✅ Complete |
| AVP Hardware |
See CONTRIBUTING.md for development setup.
Apache 2.0 — see LICENSE.