Linux 软件免费装

在这里免费安装WordPress以及其他软件

Kagivault

开发者 benridane
presents111
更新时间 2026年6月6日 19:54
PHP版本: 8.3 及以上
WordPress版本: 7.0
版权: GPLv2 or later
版权网址: 版权信息

标签

ai encryption connectors api keys ai connectors

下载

0.1.1 0.1.2

详情介绍:

Kagivault is an encrypted vault for the WordPress 7.0 AI Connectors API. Out of the box, WordPress stores the API keys you configure on Settings → Connectors (OpenAI, Anthropic, Google, OpenRouter, and any other AI provider registered with the AI Client) as plaintext rows in the wp_options table. Anyone with database access — backups, leaked dumps, host migration files — can read them. Kagivault wraps each AI Connectors key with XChaCha20-Poly1305 (authenticated encryption) and protects the data-encryption key with a vault password derived through Argon2id. The vault password is never persisted, and the vault automatically re-locks after a short, configurable idle timeout. Unlock from the admin UI, and the WordPress AI client transparently sees the decrypted keys — no other plugin changes required. Highlights Requirements The bundled sodium extension shipped with PHP 8.3+ on most platforms (Debian/Ubuntu php-sodium, RHEL php-sodium, Alpine php-sodium, Windows official builds) includes both capabilities. The plugin refuses to activate and surfaces a clear admin notice if either is unavailable.

安装:

  1. Upload the kagivault directory to /wp-content/plugins/.
  2. Activate the plugin through the Plugins menu in WordPress. If sodium or Argon2id is missing, activation aborts with a specific message listing what is missing.
  3. Visit Settings → Kagivault and set a vault password. Store the recovery key shown to you - it cannot be recovered later.

升级注意事项:

0.1.2 Documentation and project-link updates. No functional changes. 0.1.1 Idle-lock timeout defaults to 1 hour and is now configurable via the KAGIVAULT_IDLE_TIMEOUT wp-config constant. 0.1.0 Initial release of Kagivault.

常见问题:

What happens to my AI keys while the vault is locked?

They cannot be decrypted, so AI calls that rely on those keys will not have a key available for that request. Unlock the vault from Settings → Kagivault to restore functionality.

Where is the vault password stored?

Nowhere. It is held only in browser memory long enough to unlock the vault. The derived data-encryption key lives in a short-lived transient that expires after the configured idle timeout.

Does it cover keys defined in wp-config.php?

Not in this release. Constants and environment variables still take precedence over the encrypted database entries, as defined by core. A later release will add a migration path.

Can I change the idle-lock timeout?

Yes. Kagivault auto-locks after one hour of inactivity by default. Override per environment by defining the constant in wp-config.php: define( 'KAGIVAULT_IDLE_TIMEOUT', 1800 ); // seconds The constant always wins over the database setting. Values below 60 seconds are clamped to 60.

更新日志:

0.1.2 0.1.1 0.1.0