Brainz Lab / Products
Available Now

Vault

Secrets Management

Give Claude secure access to your secrets. AI manages API keys, rotates credentials, and stays secure—automatically.

Before

How Claude sees your app today

C
Claude
Y

You

Our Stripe API key is expiring. Can you rotate it?

C

Claude

I'd like to help, but I don't have access to your secrets.

I can't see your API keys, rotate credentials, or update environment variables.

Could you log into Stripe, generate a new key, and update your env file manually?

Y

You

*Opens 1Password, finds Stripe login, generates new key, updates .env, restarts server...*

After

How Claude sees your app with Vault

C
Claude
Vault connected
Y

You

Our Stripe API key is expiring. Can you rotate it?

C

Claude

Let me check the current key and rotate it...

Using vault.get_secret

vault.get_secret("STRIPE_API_KEY")

Response

STRIPE_API_KEY

Value: sk_live_...7xKm (masked)

Expires: 2 days · Last rotated: 89 days ago

Found it. Expires in 2 days. Rotating now...

Using vault.rotate_secret

vault.rotate_secret("STRIPE_API_KEY")

Response

STRIPE_API_KEY rotated

New value: sk_live_...9pQr (masked)

Expires: 90 days · All instances updated

Done. Stripe key rotated across all environments.

Production, staging, and development all have the new key. No restart needed.

Rotation time: 15 seconds

The Difference

Without Vault

  • Claude can't see your secrets
  • You manage .env files manually
  • Key rotation is a chore
  • Secrets drift across environments

With Vault

  • + Claude manages secrets securely
  • + One source of truth, synced everywhere
  • + Auto-rotation before expiry
  • + Full audit log of every access

How It Works

1

Store secrets securely

Encrypted at rest, never exposed in logs or configs.

vault.set_secret ("STRIPE_KEY", "sk_live_...")
2

Access via MCP

AI agents can read and manage secrets with proper permissions.

Role-based access

AI can read secrets, humans approve changes

3

Sync to your app

Secrets are injected at runtime. No .env files to manage.

# In your Rails app

ENV["STRIPE_KEY"] # Just works

4

Auto-rotate before expiry

AI monitors expiration dates and rotates proactively.

STRIPE_KEY rotated — 7 days before expiry

The Tools AI Uses

Available via MCP (Model Context Protocol)

vault.list_secrets()

"What secrets do we have?"

vault.get_secret(name)

"Show me the Stripe key"

vault.rotate_secret(name)

"Rotate the database password"

vault.check_expiry()

"What keys are expiring soon?"

Security First

Encrypted at Rest

AES-256 encryption. Keys never stored in plain text.

Audit Logging

Every access logged. Know who read what, when.

Role-Based Access

AI reads, humans approve. Fine-grained permissions.

Expiry Tracking

Never let a key expire unexpectedly. Alerts before deadline.

Get Started

One gem. Zero config. Works in 30 seconds.

# Add to your Gemfile

gem 'brainzlab'

# Run bundle

$ bundle install

# That's it. Secrets are secured.

Try It Now

Run Vault locally in 5 minutes. Docker required.

Quickstart Guide Follow the Journey