# Vaults

## Overview <a href="#overview" id="overview"></a>

LumiTeh offers an enterprise-grade secure vault system that lets you safely share authentication details with AI agents. All sensitive information is encrypted both at rest and in transit, and credentials are never exposed to LLMs or third-party services during agent execution. This ensures that your passwords, API keys, and other secrets remain protected while allowing agents to authenticate and interact with services on your behalf.

## ​Secure your credentials <a href="#secure-your-credentials" id="secure-your-credentials"></a>

Your credentials are protected with multiple layers of security:

* **Restricted Access**: Only your agents can access your credentials.
* **2FA Support**: Comprehensive support for two-factor authentication credentials.
* **End-to-End Encryption**: All secrets are encrypted at rest and in transit.
* **Zero Trust Architecture**: Credentials are never forwarded to LLM calls or external services.

***

## ​How it works <a href="#how-it-works" id="how-it-works"></a>

\
\
The Vault serves as an intermediary between the LLM agent and the browser session. Certain actions, like `FillActions` may involve sensitive information such as passwords, credit card numbers, or MFA secrets. When the system detects that the LLM agent intends to use such sensitive data, the vault handles the execution and replaces any placeholder credentials provided by the LLM with the real credentials stored in the vault. The key security advantage of this approach is that the LLM never has access to the actual credentials

<figure><img src="/files/s9zSTqywmX8niZeg7LRF" alt=""><figcaption></figcaption></figure>

## ​Vault Management <a href="#vault-management" id="vault-management"></a>

### ​Python SDK <a href="#python-sdk" id="python-sdk"></a>

The following snippet demonstrates how to manage your vault using the LumiTeh Python SDK.

```python
from lumiteh_sdk import LumiTehClient

lumiteh = LumiTehClient()
# Get your vault id from the LumiTeh dashboard
vault = lumiteh.Vault(vault_id="my_vault_id")
# Add your credentials securely
_ = vault.add_credentials(
    url="https://github.com/",
    email="my_cool_email@gmail.com",
    password="my_cool_password",
    # Check https://github.com/scito/extract_otp_secrets to extract your MFA secret
    # from your authenticator app
    mfa_secret="PYNT7I67RFS2EPR5",
)
# Run an agent with secure credential access
with lumiteh.Session() as session:
    agent = lumiteh.Agent(vault=vault, session=session, max_steps=10)
    response = agent.run(task="Go to the lumiteh/lumiteh repo and star it. If it's already starred don't unstar it.")

```

### ​Security Guarantees <a href="#security-guarantees" id="security-guarantees"></a>

* 🔒 Credentials are never stored in plain text
* 🔒 No credential data is sent to LLM providers
* 🔒 All credential operations are performed locally
* 🔒 Access to credentials is strictly controlled and logged
* 🔒 Open-source implementation for transparency

{% hint style="warning" %}
The **LumiTeh** Vault system is built on top of Infisical, an open-source secrets management platform. You can review our security implementation by checking our open-source repository.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.lumiteh.com/key-concepts/vaults.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.