Resurgamus Horizon
A self-hosted secrets vault. Encrypted, auditable, revocable credentials for your automations and your AI agents.
≈ 1 minute to a free try, on your own machine:
curl -fsSL https://raw.githubusercontent.com/JR-Shdw/Horizon/main/tools/quickstart-laptop.sh | bash
See it live
The real application, running in your browser on demo data. Watch the tour or take the controls, nothing is installed and no real secrets are involved.
The problem
Millions of people paste client credentials into a chat window or leave them in a plaintext .env file. It works, until it does not: no audit trail, no revocation, no idea who read what. As AI assistants get plugged into real workflows, that surface only grows.
The same thing, but auditable and revocable
Horizon keeps your secrets encrypted and only releases them to the apps and people you have granted access to. Every read is written to a tamper-evident log. Give an AI agent access to one client folder, watch what it reads, revoke it in one click. You host it: nobody else holds your keys.
What it does
Encrypted vault
Proven crypto primitives (libsodium). Each secret has its own key; the master key never touches disk.
Sealed by default
After a reboot nothing is readable until a human unlocks it. 2FA via security key, TOTP or YubiKey.
Tamper-evident audit
Every read and write is chained and signed. Exportable per client for reporting.
Built for AI agents
Native MCP integration for Claude, Cursor and others. The agent sees tool names, never the raw vault.
Short-lived credentials
Dynamic secrets for PostgreSQL, MySQL and LDAP with automatic expiry. No long-lived password lying around.
Yours, and open
AGPL-3.0, no SaaS dependency, no vendor lock-in. Runs on Linux, macOS, BSD, and Windows via WSL/Docker (native support coming soon).
Ready for the post-quantum era
Quantum computers will one day break classical encryption. Horizon's core is already resistant: post-quantum storage primitives, hybrid TLS (X25519MLKEM768), and a PKI that signs with ml-dsa-65 (FIPS 204). Your secrets stay protected, today and tomorrow.
Built for AI agents (MCP)
Your AI assistant connects through the Model Context Protocol: a scoped, audited, revocable door into the vault. It never sees your raw secrets.
The model sees tool names, never vault endpoints. No write tools. Every read is attributed to the agent's own token in the audit chain.
One secret, three ways
Scriptable, API-first, and a UI. Create the same secret from your terminal, your code, or the browser.
curl -X POST \
-H "Authorization: Bearer rh_…" \
-H "Content-Type: application/json" \
-d '{"name":"stripe-key",
"value":"sk_live_…",
"namespace":"clients"}' \
https://vault.lan/…/secrets/
→ 201 Created
Who it is for
From the solo developer to multi-site, highly available infrastructure. Horizon is a professional-grade vault: HA clustering (Patroni, replication, automatic failover), Docker or Kubernetes deployment, agents for every OS (Linux, macOS, BSD, Windows), quantum-resistant encryption, built-in PKI, dynamic secrets, LDAP/SSO and a tamper-evident audit chain. The same rigor as the big players, whether you run three scripts or a thousand servers.
NIS2 and CRA
Horizon helps entities subject to NIS2 implement several risk-management measures: secrets and privileged-access management, encryption, MFA, and an audit log for traceability and incident detection.
Horizon helps makers of digital products meet their own CRA obligations, by keeping secrets out of their code and providing auditable access management.
Horizon is a tool that helps with compliance; it is not itself a certification.
Try it, take back control of your secrets
Horizon is free and open source. The code and the full documentation live on GitHub.