Show HN: Vault-AI – an open-source digital safe for AI secrets (v0.3.2)
1 points by vaultaiproject 7 hours ago | 3 comments

I built Vault-AI to solve a problem I kept running into when building AI apps: API keys and secrets end up scattered in .env files, hardcoded, or shared insecurely.

Vault-AI is a lightweight, self-hosted secrets manager — kind of like HashiCorp Vault, but simplified and aimed at AI workloads. It runs in Docker, comes with a simple CLI, and manages tenants, token-based auth, secret rotation, rollback, version history, and audit logs.

Quickstart: git clone → ./start.sh → vault-ai store/get

Repo: https://gitlab.com/vaultaiproject/vault-ai.git

Would love feedback from the HN community — what features are missing, and what would make this useful in your own AI/ML pipelines?

jaredallard2 7 hours ago

Why would someone want to use this over Vault or the multitude of other secrets managers?

vaultaiproject 7 hours ago

HashiCorp Vault (and other enterprise-grade managers) are incredibly powerful — but also heavy. For many AI/ML projects I’ve seen, people don’t need the full ecosystem: they just want to stop hardcoding API keys in .env files and have an easy way to rotate/retrieve them.

Vault-AI is aimed at that use case:

Lightweight & fast to start → git clone → ./start.sh gets you running in 2 minutes with Docker + Postgres.

AI-first focus → tenants + token-based auth designed for AI agents, LLM apps, RAG pipelines.

Simple CLI → no steep learning curve; just vault-ai store/get/rotate/audit.

Self-contained → no external cloud dependencies, runs locally or on your infra.

If you’re running a large enterprise with complex RBAC, PKI, dynamic secrets → HashiCorp Vault is the gold standard. If you’re building AI apps and just need a safe, self-hosted digital safe for API keys, tokens, and secrets, Vault-AI is a quicker fit.

vaultaiproject 7 hours ago

Thanks for your reply jaredallard2!