Compared
Every secrets manager stores secrets. Only ClauLock is designed to keep them out of the model.
Vault and Doppler encrypt secrets at rest; a .env file doesn't even do that. All three share one assumption: the process that uses the secret can be trusted with its plaintext. An AI model isn't that process. Everything in its context is written to your transcript, sent to the API on every turn, and may be retained by the provider.
ClauLock answers a different question: given that the consumer of the secret can't be trusted with the plaintext, how do you let it use the secret anyway?
What the AI actually sees
| Capability | ClauLock | Vault | Composio | Doppler | .env |
|---|---|---|---|---|---|
| Plaintext secrets never enter the model's context | ✓ | ✗ App fetches value, passes to LLM | ~ Token proxied, but tools may echo | ✗ Injected as env var, visible to tools | ✗ |
| Transcript keeps placeholders, never raw values | ✓ {{GITHUB_TOKEN}} substituted post-hook | ✗ | ~ | ✗ | ✗ |
| Tool stdout/stderr scrubbed before returning to model | ✓ clsec-scrub redacts echoed secrets | ✗ | ✗ | ✗ | ✗ |
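The two hook points in the table above, placeholder substitution right before a tool runs and output scrubbing before the result goes back to the model, are easier to reason about with a concrete sketch. The Python below is an added illustration, not ClauLock's code (the page does not show how clsec-scrub is implemented). The vault contents, the `fake_shell` executor and every function name are constructed for the example, and the Claude Code hook plumbing (JSON over stdin) is left out so the logic can run stand-alone.

```python
import base64
import re
import urllib.parse

# Constructed sample vault for the demonstration. The values are fake and chosen
# to exercise two edge cases: one is URL-safe as-is, one changes under URL-encoding.
VAULT = {
    "GITHUB_TOKEN": "ghp_EXAMPLEexampleEXAMPLE1234567890abcd",
    "DB_PASSWORD": "p@ss w0rd/with+odd=chars",
}

PLACEHOLDER = re.compile(r"\{\{([A-Z][A-Z0-9_]*)\}\}")


def substitute_placeholders(command: str, vault: dict) -> str:
    """Pre-execution step: swap {{NAME}} for the plaintext right before the tool runs.

    The model only ever authored and saw the placeholder form. Unknown names are
    left in place so a typo fails loudly in the tool instead of silently expanding
    to an empty string.
    """
    return PLACEHOLDER.sub(lambda m: vault.get(m.group(1), m.group(0)), command)


def encoded_forms(value: str) -> list:
    """Forms a secret commonly takes when a tool echoes it back: raw, URL-encoded, base64."""
    forms = [value]
    quoted = urllib.parse.quote(value, safe="")
    if quoted != value:
        forms.append(quoted)
    forms.append(base64.b64encode(value.encode()).decode())
    return forms


def scrub_output(text: str, vault: dict) -> str:
    """Post-execution step: redact every vault value (and its common encodings) from
    tool stdout/stderr before it is handed back to the model.

    Longer values are replaced first so that a secret which is a prefix of another
    cannot leave a recognisable tail behind.
    """
    for name, value in sorted(vault.items(), key=lambda kv: len(kv[1]), reverse=True):
        for form in encoded_forms(value):
            text = text.replace(form, f"[REDACTED:{name}]")
    return text


def leaks(text: str, vault: dict) -> bool:
    """True if any raw secret value survives in text (the never-reveal invariant)."""
    return any(value in text for value in vault.values())


def run_tool(command: str, vault: dict, execute) -> dict:
    """Wrap an executor with both hooks and report what each party gets to see."""
    real_command = substitute_placeholders(command, vault)
    raw_output = execute(real_command)
    return {
        "transcript_command": command,      # what stays in the transcript
        "executed_command": real_command,   # what the subprocess actually ran
        "model_sees": scrub_output(raw_output, vault),
    }


def fake_shell(cmd: str) -> str:
    """Constructed stand-in for a careless tool: traces the command (as `set -x` would)
    and logs a URL-encoded copy of it, both of which would leak the plaintext."""
    return f"+ {cmd}\nrequest: {urllib.parse.quote(cmd, safe='')}\nerror: bad credentials\n"


if __name__ == "__main__":
    cmd = "curl -u admin:{{DB_PASSWORD}} -H 'Authorization: token {{GITHUB_TOKEN}}' https://api.example/repos"
    result = run_tool(cmd, VAULT, fake_shell)
    print(result["model_sees"])
    print("leak:", leaks(result["model_sees"], VAULT))
```

The caveat a practitioner should keep in mind: scrubbing is literal matching, so it catches a tool that echoes the value (raw, URL-encoded or base64 here) but not one that prints a hash, a prefix or a re-encoded form you did not anticipate. That is why the placeholder side carries the real weight: a value the model never held cannot be echoed back by the model itself, and scrubbing is the backstop for tools that leak it on their own.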
Where secrets live
| Capability | ClauLock | Vault | Composio | Doppler | .env |
|---|---|---|---|---|---|
| Storage location | Local machine | Self-hosted cluster | Vendor cloud | Vendor cloud | Filesystem |
| Encryption at rest | XChaCha20-Poly1305 | AES-256-GCM | Vendor-managed | AES-256-GCM | None |
| Key derivation | Argon2id + Keychain/Secret Service | Shamir + HSM optional | Vendor-managed | KMS | — |
| Works offline | ✓ | ~ Self-hosted: yes. HCP: no. | ✗ | ✗ | ✓ |
Claude Code integration
| Capability | ClauLock | Vault | Composio | Doppler | .env |
|---|---|---|---|---|---|
| MCP server with purpose-built tools | ✓ 16 tools, schema forbids raw reveal | ✗ | ~ Generic auth proxy, not secrets-first | ✗ | ✗ |
| PreToolUse / PostToolUse hooks | ✓ | ✗ | ✗ | ✗ | ✗ |
| Touch ID / biometric approval per use | ✓ | ✗ | ✗ | ✗ | ✗ |
Dev ergonomics
| Capability | ClauLock | Vault | Composio | Doppler | .env |
|---|---|---|---|---|---|
| Reference in shell: {{NAME}} placeholder | ✓ | ✗ vault kv get, copy/paste | ✗ | ~ doppler run -- wraps process | ✗ |
| Import from .env / 1Password / Doppler | ✓ | ✗ | ✗ | ~ Imports .env only | — |
| Audit log on the local machine | ✓ Every unlock + use | ✓ Server-side | ✓ Vendor dashboard | ✓ Vendor dashboard | ✗ |
Trust & audit
| Capability | ClauLock | Vault | Composio | Doppler | .env |
|---|---|---|---|---|---|
| Cryptography source is publicly auditable | ✓ Apache-2.0 | ~ BSL 1.1 | ✗ | ✗ | ✓ |
| Verifiable never-reveal invariant (CI test) | ✓ tests/leak_test.sh in CI | ✗ | ✗ | ✗ | ✗ |
| Supply chain: SLSA + cosign + minisign | ✓ | ~ | ✗ | ~ | — |
When not to pick ClauLock
- You operate a production fleet of servers, not a developer workstation. Use Vault or your cloud's KMS. ClauLock is local-first by design.
- You need a web app that authenticates to 80 SaaS APIs on a user's behalf. That's Composio / Nango territory — auth orchestration, not a local vault.
- You want one place to inject env vars into CI, Kubernetes, and staging servers. Doppler and Infisical are great at that. ClauLock isn't trying to be a fleet CM tool.
ClauLock lives on one developer's machine — the machine where Claude Code runs — and keeps secrets out of the model's context while it works. That's a narrow, important job. The other tools do their jobs well too.