EnigmAgent Python SDK — secure vault integration for AI agent frameworks
Project description
enigmagent — Python SDK
EnigmAgent brings secure, local-vault secret management to every major Python AI agent framework.
API keys, passwords, and tokens stay on your machine — agents reference them as {{PLACEHOLDER}}
symbols and the vault resolves them only at the moment they are needed.
Installation
# Core (zero dependencies — stdlib only)
pip install enigmagent
# With a specific framework integration
pip install enigmagent[langchain]
pip install enigmagent[crewai]
pip install enigmagent[autogen]
pip install enigmagent[llamaindex]
pip install enigmagent[haystack]
pip install enigmagent[semantic-kernel]
pip install enigmagent[smolagents]
pip install enigmagent[phidata] # or enigmagent[agno]
pip install enigmagent[mem0]
pip install enigmagent[langgraph]
pip install enigmagent[openai-agents]
pip install enigmagent[anthropic]
# Everything at once
pip install enigmagent[all]
Prerequisites
- EnigmAgent vault server running locally:
enigmagent-mcp --mode rest --port 3737 --vault ~/.enigmagent/vault.json
- Vault unlocked (master password entered at startup).
- Secrets stored in the vault under meaningful names (e.g.
GITHUB_TOKEN,OPENAI_API_KEY).
Quick start
from enigmagent import get_client
client = get_client() # reads ENIGMAGENT_HOST / ENIGMAGENT_PORT env vars
status = client.get_status()
print(status.unlocked) # True
secrets = client.list_secrets()
for s in secrets:
print(s.name, s.domain) # GITHUB_TOKEN @localhost
# Resolve a placeholder to its real value (never log this!)
token = client.resolve("GITHUB_TOKEN")
Environment variables:
| Variable | Default | Description |
|---|---|---|
ENIGMAGENT_HOST |
127.0.0.1 |
Vault server hostname |
ENIGMAGENT_PORT |
3737 |
Vault server port |
ENIGMAGENT_ORIGIN |
http://localhost |
Origin header for domain binding |
Framework integrations
LangChain
from enigmagent.tools.langchain import get_enigmagent_tools
from langchain.agents import initialize_agent, AgentType
from langchain_openai import ChatOpenAI
tools = get_enigmagent_tools()
agent = initialize_agent(
tools, ChatOpenAI(model="gpt-4o"), agent=AgentType.OPENAI_FUNCTIONS
)
agent.run("Check if the vault is ready, then list available secrets.")
CrewAI
from enigmagent.tools.crewai import get_enigmagent_tools
from crewai import Agent, Task, Crew
tools = get_enigmagent_tools()
agent = Agent(role="Security Agent", goal="Manage secrets", tools=tools, ...)
AutoGen
from enigmagent.tools.autogen import get_enigmagent_tools
import autogen
tools = get_enigmagent_tools()
# tools is a list of FunctionTool (or raw callables as fallback)
assistant = autogen.AssistantAgent("assistant", llm_config={...})
for tool in tools:
assistant.register_function(tool)
LlamaIndex
from enigmagent.tools.llamaindex import get_enigmagent_tools
from llama_index.core.agent import ReActAgent
from llama_index.llms.openai import OpenAI
tools = get_enigmagent_tools()
agent = ReActAgent.from_tools(tools, llm=OpenAI(model="gpt-4o"))
agent.chat("List vault secrets.")
Haystack
from enigmagent.tools.haystack import EnigmAgentVaultStatus, EnigmAgentVaultList
from haystack import Pipeline
pipe = Pipeline()
pipe.add_component("vault_check", EnigmAgentVaultStatus())
pipe.add_component("vault_list", EnigmAgentVaultList())
pipe.connect("vault_check.running", "vault_list.__PLACEHOLDER__")
result = pipe.run({})
Semantic Kernel
from enigmagent.tools.semantic_kernel import EnigmAgentPlugin
from semantic_kernel import Kernel
kernel = Kernel()
kernel.add_plugin(EnigmAgentPlugin(), plugin_name="enigmagent")
# Use {{enigmagent.vault_status}} and {{enigmagent.vault_list}} in prompts
SmolAgents (HuggingFace)
from enigmagent.tools.smolagents import get_enigmagent_tools
from smolagents import CodeAgent, HfApiModel
agent = CodeAgent(tools=get_enigmagent_tools(), model=HfApiModel())
agent.run("List the available vault secrets.")
Phidata / Agno
from enigmagent.tools.phidata import EnigmAgentToolkit
from phi.agent import Agent
agent = Agent(tools=[EnigmAgentToolkit()], show_tool_calls=True)
agent.print_response("Check vault status and list secrets.")
Mem0
from enigmagent.tools.mem0 import EnigmAgentMemory
mem = EnigmAgentMemory(user_id="alice")
mem.add("My GitHub token placeholder is {{GITHUB_TOKEN}}", user_id="alice")
# Placeholders are stored symbolically — never the real value.
results = mem.search("GitHub token", user_id="alice")
LangGraph
from enigmagent.tools.langgraph import get_enigmagent_tools
from langgraph.prebuilt import create_react_agent
from langchain_openai import ChatOpenAI
tools = get_enigmagent_tools()
graph = create_react_agent(ChatOpenAI(model="gpt-4o"), tools)
result = graph.invoke({"messages": [("human", "Check vault and list secrets.")]})
OpenAI Agents SDK
from enigmagent.tools.openai_agents import get_enigmagent_tools
from agents import Agent, Runner
tools = get_enigmagent_tools()
agent = Agent(name="VaultAgent", instructions="Manage secrets.", tools=tools)
result = Runner.run_sync(agent, "List available secrets.")
Anthropic SDK
from enigmagent.tools.anthropic_sdk import get_enigmagent_tool_schemas, handle_tool_call
import anthropic
client_ai = anthropic.Anthropic()
response = client_ai.messages.create(
model="claude-opus-4-5",
max_tokens=1024,
tools=get_enigmagent_tool_schemas(),
messages=[{"role": "user", "content": "List vault secrets."}],
)
for block in response.content:
if block.type == "tool_use":
result = handle_tool_call(block.name, block.input)
print(result)
Security model
- Secrets never leave the local vault in plaintext over the network.
{{PLACEHOLDER}}references are resolved overlocalhostonly.- Domain binding ensures secrets are only accessible from their registered origin.
- Memory integrations store placeholders symbolically — real values are resolved at execution time.
API reference
VaultClient
| Method | Description |
|---|---|
get_status() → VaultStatus |
Check if vault is running and unlocked |
list_secrets() → list[VaultEntry] |
List all secret names and domains |
resolve(placeholder, origin?) → str |
Resolve one placeholder to its value |
resolve_batch(placeholders, origin?, max_workers?) → dict |
Resolve many in parallel |
Module-level helpers
| Function | Description |
|---|---|
get_client() → VaultClient |
Return the module-level singleton |
configure(host?, port?, timeout?, origin?) → VaultClient |
Set a new default client |
Contributing
git clone https://github.com/enigmagent/enigmagent
cd enigmagent/platforms/python-sdk
pip install -e ".[all]"
pytest tests/
License
MIT — see LICENSE.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
enigmagent-1.0.0.tar.gz
(18.1 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file enigmagent-1.0.0.tar.gz.
File metadata
- Download URL: enigmagent-1.0.0.tar.gz
- Upload date:
- Size: 18.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
df9172e043d8eb6b96b960e6e57ba7f2dd7a2518dd669fb3cf283d8bd1aca677
|
|
| MD5 |
0bdd45214b4b48fdd4324fe96553b6a8
|
|
| BLAKE2b-256 |
b18e65b54d8631e1dc5e1f0a3070e3a90e88f66c2d227bef9ebb8d436c2200a6
|
File details
Details for the file enigmagent-1.0.0-py3-none-any.whl.
File metadata
- Download URL: enigmagent-1.0.0-py3-none-any.whl
- Upload date:
- Size: 26.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e178226c02c38da65a94ed962daff57f91929a813d60c89fc4024739a72791c8
|
|
| MD5 |
1ffc727fac37b4ef345577faf14c3dc5
|
|
| BLAKE2b-256 |
185757c8abc89cf1e30634edcd913a8c8dab3ff4db29fc458df70432acb7ff7f
|
