The cipher card inside QuantaCanvas bridges to KeyStash — secret values never enter JavaScript. Agents get exactly the credentials they need, nothing more.
AgentCipher is the cipher card inside QuantaCanvas (Starter+). It bridges to KeyStash over a Unix domain socket — Tauri commands handle all secret access in Rust, so JavaScript never sees a plaintext value.
Secret values never cross the Tauri command boundary into JavaScript. Clipboard copies happen entirely in Rust — your plaintext credentials are never present in the renderer process at any point.
Exposes five MCP tools — vault_status, list_secrets, get_secret, add_secret, update_secret — so Claude Code can retrieve credentials programmatically. Only secrets marked ai_accessible reach agents at all.
Each secret carries a per-entry ai_accessible flag. Secrets not marked for agent access are invisible to MCP entirely — preventing malicious prompts from reading or overwriting credentials they were never meant to touch.
Type-specific templates for Passwords, API Keys, SSH Keys, Certificates, Env Files, and Generic secrets — each with the right fields for its kind, not a generic key-value pair.
AgentCipher connects to KeyStash over a Unix domain socket at ~/.keystash/canvas.sock (permissions 0o600). The socket carries JSON request/response pairs — encryption lives in KeyStash, not in QuantaCanvas.
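A client-side check of the socket described above, as an added example that is not AgentCipher or KeyStash code: before connecting, confirm the path is a real socket, owned by the expected user, with no group or other access bits (the 0o600 stated above). The names check_socket, connect_checked and SocketCheck are hypothetical, and the caller supplies the expected uid.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::{FileTypeExt, MetadataExt};
use std::os::unix::net::UnixStream;
use std::path::Path;

/// Result of inspecting the socket path (hypothetical type for this example).
#[derive(Debug, PartialEq)]
pub enum SocketCheck {
    Ok,
    NotASocket,
    WrongOwner { uid: u32 },
    TooPermissive { mode: u32 },
}

/// Inspect the path without following symlinks, so a link planted at the
/// socket path is reported as NotASocket instead of being followed.
pub fn check_socket(path: &Path, expected_uid: u32) -> io::Result<SocketCheck> {
    let meta = fs::symlink_metadata(path)?;
    if !meta.file_type().is_socket() {
        return Ok(SocketCheck::NotASocket);
    }
    if meta.uid() != expected_uid {
        return Ok(SocketCheck::WrongOwner { uid: meta.uid() });
    }
    // The page states 0o600: any group or other bit fails the check.
    let mode = meta.mode() & 0o777;
    if mode & 0o077 != 0 {
        return Ok(SocketCheck::TooPermissive { mode });
    }
    Ok(SocketCheck::Ok)
}

/// Connect only when the check passes; otherwise refuse with PermissionDenied.
pub fn connect_checked(path: &Path, expected_uid: u32) -> io::Result<UnixStream> {
    match check_socket(path, expected_uid)? {
        SocketCheck::Ok => UnixStream::connect(path),
        bad => Err(io::Error::new(io::ErrorKind::PermissionDenied, format!("{:?}", bad))),
    }
}

fn main() {
    // Assumption: HOME is set and owned by the current user, so its uid
    // stands in for "the expected owner" of ~/.keystash/canvas.sock.
    let home = std::env::var("HOME").unwrap_or_default();
    let sock = Path::new(&home).join(".keystash/canvas.sock");
    let uid = fs::metadata(&home).map(|m| m.uid()).unwrap_or(u32::MAX);
    println!("{:?}", check_socket(&sock, uid));
}
```

The check and the connect are separate system calls, so the containing directory should also be writable only by its owner; otherwise the socket could be replaced between the two.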
Secrets display as expandable rows with lazy-loaded field names and a per-field copy button. Clipboard operations show a 2-second "Copied" indicator. Vault state is shown as Locked (amber), Unlocked (green), or Offline (gray) when KeyStash is not running.
AgentCipher is the cipher card within QuantaCanvas (Starter+). Encryption lives in KeyStash — QuantaCanvas is a secure UI bridge, never a secret store itself.
AgentCipher is the cipher card inside QuantaCanvas. Pair it with KeyStash for encrypted local storage and AgentEKG to observe credential access in real time.