Kagivault
Kagivault is an encrypted vault for the WordPress 7.0 AI Connectors API. Out of the box, WordPress stores the API keys you configure on Settings → Connectors (OpenAI, Anthropic, Google, OpenRouter, and any other AI provider registered with the AI Client) as plaintext rows in the wp_options table. Anyone with database access — backups, leaked dumps, host migration files — can read them. Kagivault wraps each AI Connectors key with XChaCha20-Poly1305 (authenticated encryption) and protects the data-encryption key with a vault password derived through Argon2id. The vault password is never persisted, and the vault automatically re-locks after a short, configurable idle timeout. Unlock from the admin UI, and the WordPress AI client transparently sees the decrypted keys — no other plugin changes required. Highlights Drop-in encryption for every AI Connectors provider (connectors_ai_*_api_key rows) Vault password unlock with idle-timeout auto-lock Recovery key as a parallel unlock path Optional: link a WordPress login password so signing in automatically unlocks the vault Easy-mode initialization — no separate vault password to remember if you just want one-click setup Transparent for the core WP AI client and the Connectors admin page Versioned blob format for future cipher upgrades Requirements WordPress 7.0 or newer (uses the Connectors API introduced in 7.0) PHP 8.3 or newer PHP sodium extension with XChaCha20-Poly1305 AEAD (sodium_crypto_aead_xchacha20poly1305_ietf_encrypt) PHP sodium extension with Argon2id (SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13, requires libsodium 1.0.13+) The bundled sodium extension shipped with PHP 8.3+ on most platforms (Debian/Ubuntu php-sodium, RHEL php-sodium, Alpine php-sodium, Windows official builds) includes both capabilities. The plugin refuses to activate and surfaces a clear admin notice if either is unavailable. Privacy Policy Kagivault does NOT: Send any data to external servers Track users Use cookies for tracking Share data with third parties Kagivault DOES: Process and store encrypted API keys locally on your server (wp_options) Keep the data-encryption key only in a short-lived transient that expires after the configured idle timeout Support For support, bug reports, or feature requests: Website: https://github.com/benridane/kagivault Development Development happens on GitHub. Pull requests welcome! Follow WordPress coding standards All code must pass wp plugin check kagivault
Top keywords
- ai8×2.19%
- connectors7×1.92%
- vault7×1.92%
- kagivault6×1.64%
- wordpress6×1.64%
- api5×1.37%
- key5×1.37%
- password5×1.37%
- sodium5×1.37%
- php4×1.10%
- vault password4×1.10%
- wp4×1.10%
JWT Authentication for WP REST APIs
WordPress REST API endpoints are open and unsecured by default which can be used to access your site data. Secure WordPress APIs from unauthorized users with our JWT Authentication for WP REST APIs plugin. Our plugin offers below authentication methods to Protect WP REST API endpoints: – JWT Authentication – Basic Authentication – API Key Authentication – OAuth 2.0 Authentication – External Token based Authentication 2.0/OIDC/JWT/Firebase provider’s token authentication methods. You can authenticate default WordPress endpoints and custom-developed REST endpoints and third-party plugin REST API endpoints like that of Woocommerce, Learndash, Buddypress, Gravity Forms, CoCart, etc. WP REST API Authentication Methods in our plugin JWT Authentication Provides an endpoint where you can pass the user credentials, and it will generate a JWT (JSON Web Token), which you can use to access the WordPress REST APIs accordingly. Additionally, to maintain a seamless user experience without frequent logins needed due to token expiry, you can use our Refresh and Revoke token mechanisms feature. When the access token expires, instead of forcing the user to log in again, the client can request a new access token using a valid refresh token. API Key Authentication Basic Authentication: – 1. Username: Password – 2. Client-ID: Client-Secret OAuth 2.0 Authentication – 1. Password Grant – 2. Client Credentials Grant Third Party Provider Authentication Following are some of the integrations that are possible with WP REST API Authentication: Learndash API Authentication Custom Built REST API Endpoints Authentication BuddyPress API Authentication WooCommerce API Authentication Gravity Form API Authentication External/Third-party plugin API endpoints integration in WordPress You can also disable the WP REST APIs with our plugin such that no one can make API calls to your WordPress REST API endpoints.Our plugin also provides Refresh and Revoke Token that can be used to improve the API security. Benefits of Refresh Token Enhances security by keeping access tokens short-lived. Improves user experience with uninterrupted sessions. Reduces login frequency. Benefits of Revoke Token Protects against token misuse if a device is lost or compromised. Enables admin-triggered logouts or session control. Useful for complying with stricter session policies. With this plugin, the user is allowed to access your site’s resources only after successful WP REST API authentication. JWT Authentication for WP REST APIs plugin will make your WordPress endpoints secure from unauthorized access. Plugin Feature List FREE PLAN Authenticate only default core WordPress REST API endpoints. Basic Authentication with username and password. JWT Authentication (JSON Web Token Authentication). Enable Selective API protection. Restrict non-logged-in users to access REST API endpoints. Disable WP REST APIs PREMIUM PLAN Authenticate all REST API endpoints (Default WP, Custom APIs,Third-Party plugins) JWT Token Authentication (JSON Web Token Authentication) Login, Refresh and Revoke token endpoints for token management API Key Authentication Basic Authentication (username/password and email/password) OAuth 2.0 Authentication Universal API key and User-specific API key for authentication Selective API protection. Disable WP REST APIs Time-based token expiry Role-based WP REST API authentication Custom Header support rather than just Authorization to increase security. Create users in WordPress based on third-party provider access tokens (JWT tokens) authentication. Privacy This plugin does not store any user data.