ClauLock

FAQ

Frequently asked questions.

Short answers to the questions that come up most often. Threat model and design tradeoffs are in Security; the install / first-secret walk-through is in Docs.

Does this work with tools other than Claude Code?
Today ClauLock ships with a Claude Code plugin: PreToolUse / PostToolUse Bash hooks plus an MCP server. The underlying daemon is client-agnostic, so a similar integration can be built for any agent that supports MCP or shell hooks. We'll ship official integrations for more clients as demand grows.
Is the daemon required?
Yes. The daemon is what holds the unwrapped keys in mlocked memory and enforces the role-based access rules — including the block on Resolve for the MCP role. Without it there is no place to keep keys in memory safely, and there is no enforcement point. The CLI, exec shim, and MCP server are all thin IPC clients.
What happens if I lose my passphrase?
Your vault is unrecoverable. Argon2id plus XChaCha20-Poly1305 with no escrow means there is no vendor backdoor. That is the point. Back up your vault file (~/.clsec/vault.clsec) and your passphrase — the Keychain copy is tied to your user login. Rotate credentials if you suspect loss.
How is this different from 1Password Shell Plugins?
Shell Plugins are excellent for humans typing commands in a terminal. ClauLock is designed specifically for the AI-agent loop: the invariant that the model never receives the plaintext is enforced by the shape of the MCP API and by a role-based socket, not by a per-command confirmation. It also runs fully local by default — no SaaS component.
Which operating systems are supported?
macOS 13+, Linux (arm64 + x86_64), and Windows 10 1803+ (arm64 + x86_64). macOS stores the passphrase in the Keychain (Touch ID unlock when available); Linux uses freedesktop secret-service via libsecret with a file-vault fallback for headless hosts; Windows uses DPAPI (CryptProtectData/CryptUnprotectData scoped to the current user). The same vault format and never-reveal invariant apply across all three platforms.
Does Claude ever see my secret?
No. The MCP server exposes no tool that returns a plaintext value — no secret_reveal, no secret_read, no secret_export_plaintext. Placeholders in Bash commands are substituted at fork/exec by the clsec-exec shim, not by the model. If a command prints the value to stdout, the post-hook scrubber rewrites matching bytes to [REDACTED:<name>] before Claude reads the output.
What if a command prints the secret to stdout?
The PostToolUse hook runs an Aho-Corasick scan over the command output for any value that was resolved for that call and replaces matches with [REDACTED:<name>]. The scrubber also precomputes common transport encodings of the value (base64, base64url, percent-encoded, hex-escaped) so leaks through JSON, URLs, or debug traces are caught automatically. Values are fetched out-of-band from the daemon per call — the hook itself never sees keys it did not need.
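As an added illustration of the two answers above (not ClauLock's own code), a small Python scrubber in the same shape: it precomputes the transport encodings of each value resolved for a call and rewrites every hit to [REDACTED:<name>]. The secret name, its value and the sample command output are constructed, and a compiled regex alternation stands in for the Aho-Corasick automaton.

```python
import base64
import re
import urllib.parse

# Constructed sample: one resolved secret and command output that leaks it
# raw, as base64 inside JSON, and as hex-escaped bytes in a debug line.
RESOLVED = {"DB_PASSWORD": "hunter2-demo-pw"}
SAMPLE_OUTPUT = (
    "auth: hunter2-demo-pw\n"
    '{"token":"aHVudGVyMi1kZW1vLXB3"}\n'
    "debug: b'\\x68\\x75\\x6e\\x74\\x65\\x72\\x32\\x2d\\x64\\x65\\x6d\\x6f\\x2d\\x70\\x77'\n"
)

def encodings(value: str) -> set[str]:
    """Raw value plus the transport encodings a leak commonly takes. Only the
    value-aligned base64 is produced: a value sitting mid-way inside a larger
    base64 blob shifts alignment and this form will not catch it."""
    raw = value.encode()
    b64 = base64.b64encode(raw).decode()
    b64url = base64.urlsafe_b64encode(raw).decode()
    forms = {
        value,
        b64, b64.rstrip("="),
        b64url, b64url.rstrip("="),
        urllib.parse.quote(value, safe=""),    # percent-encoded
        "".join(f"\\x{b:02x}" for b in raw),   # hex-escaped bytes
    }
    return {f for f in forms if len(f) >= 8}   # short forms would over-match

def build_scrubber(resolved: dict[str, str]):
    """Compile every (encoded form -> secret name) pair into one literal
    alternation, longest first so a shorter overlapping form cannot win.
    A compiled regex stands in for the Aho-Corasick automaton; for a fixed
    set of literals the matches are the same."""
    pairs = [(f, name) for name, v in resolved.items() for f in encodings(v)]
    if not pairs:
        return lambda text: text
    pairs.sort(key=lambda p: len(p[0]), reverse=True)
    pattern = re.compile("|".join(re.escape(f) for f, _ in pairs))
    by_form = dict(pairs)
    def scrub(text: str) -> str:
        return pattern.sub(lambda m: f"[REDACTED:{by_form[m.group(0)]}]", text)
    return scrub

def scrub_sample() -> str:
    """Scrub the constructed output; every leak form becomes [REDACTED:DB_PASSWORD]."""
    return build_scrubber(RESOLVED)(SAMPLE_OUTPUT)

if __name__ == "__main__":
    print(scrub_sample())
```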
Can I self-host a team vault?
Not yet. ClauLock is single-user, single-machine in the current release. A team-sync layer with end-to-end encryption and a zero-knowledge server is planned; it will not weaken the local invariant.
Is the source code open?
Source is licensed Apache-2.0 (crypto + hooks + leak-test) and BUSL-1.1 (product code; converts to Apache-2.0 on 2030-05-01) — see NOTICE in the public release mirror for the file-to-license map. The crypto crate is the first thing we expect auditors to read; we'll publish audit reports as they land. Pro / Enterprise components ship under a separate proprietary EULA in a private repo.
Does ClauLock phone home or ship telemetry?
The product (daemon, CLI, MCP, hooks) has zero network activity by default — no analytics, no crash reporter, no update pings. Your secrets stay on your machine. The website (claulock.com) is a separate surface and uses privacy-preserving analytics; see /privacy for the full breakdown.
Does the website track me?
Plausible (anonymous, aggregate, no cookies) runs on every page — no consent needed because there's nothing tying a visit to you. Google Analytics 4 only loads after you click Accept on the consent banner; click Reject (or enable Do Not Track) and gtag.js is never fetched. Full disclosure on /privacy.
How do I rotate a secret?
clsec rotate NAME — or ask Claude to rotate it and a fresh password box appears in the TUI. The record id and created_at are preserved so audit-log history stays correlated, and the old DEK is zeroed.
What does auto-lock do?
After 15 minutes of idle (tunable), the daemon drops unwrapped DEKs from memory. Subsequent calls to Resolve return Locked; the next CLI or hook call triggers a Keychain-backed unlock (Touch ID prompt if configured).

Something missing? Email [email protected] or open an issue on GitHub.