Store login credentials for a service securely with AES-256-GCM encryption

Retrieve stored credentials by ID. Returns decrypted username and password.

List stored credentials, optionally filtered by service

Permanently delete stored credentials by ID

Get all credentials for a specific service

Generate a Google Authenticator QR code for a stored credential's TOTP secret

List all supported services with their login templates

Get detailed login template for a specific service

Register a custom service login template at runtime

Launch a new browser session for logging into a service

Navigate the browser to a URL within an active session

Close a browser session

List all active browser sessions

Automate login to a service using stored credentials. Launches browser, fills form, handles captcha.

Check the current page for captcha challenges

Solve a detected captcha on the current page using configured captcha service

Click the submit button on the login form (useful after captcha solving)

Check the current page for a 2FA code challenge

Generate a TOTP code from the stored secret and fill it into the 2FA input field

Check if a browser session is still active and optionally verify login status

Store an API key, access token, or other secret encrypted with AES-256-GCM

Retrieve a stored secret by ID (returns decrypted value)

List stored secrets, optionally filtered by service or kind

Permanently delete a stored secret by ID

Comprehensive health check of the auth-vault system — encryption, storage, services, sessions

Test if credentials exist in vault and validate their structure (returns non-sensitive info only)

Check if browser sessions are alive and can interact with pages

Verify TOTP secret by generating a current code and optionally checking against expected value

Test if a CSS selector works on a service's login page (launches browser, checks selector matches)

Check all secrets for expiration — identifies expired, expiring soon, or valid secrets

Test Chrome DevTools Protocol connectivity — verify CDP endpoint is reachable

Test all registered service templates — check if login pages are reachable