Description
Kagivault is an encrypted vault for the WordPress 7.0 AI Connectors API. Out of the box, WordPress stores the API keys you configure on Settings → Connectors (OpenAI, Anthropic, Google, OpenRouter, and any other AI provider registered with the AI Client) as plaintext rows in the wp_options table. Anyone with database access — backups, leaked dumps, host migration files — can read them.
Kagivault wraps each AI Connectors key with XChaCha20-Poly1305 (authenticated encryption) and protects the data-encryption key with a vault password derived through Argon2id. The vault password is never persisted, and the vault automatically re-locks after a short, configurable idle timeout. Unlock from the admin UI, and the WordPress AI client transparently sees the decrypted keys — no other plugin changes required.
Highlights
Drop-in encryption for every AI Connectors provider (connectors_ai_*_api_key rows)
Vault password unlock with idle-timeout auto-lock
Recovery key as a parallel unlock path
Optional: link a WordPress login password so signing in automatically unlocks the vault
Easy-mode initialization — no separate vault password to remember if you just want one-click setup
Transparent for the core WP AI client and the Connectors admin page
Versioned blob format for future cipher upgrades
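The envelope scheme described above, sketched with PHP's sodium extension as an added example (not Kagivault's own code): a random data-encryption key (DEK) encrypts the API key, and the DEK is wrapped once under an Argon2id-derived key and once under a recovery key. The blob layout (version byte, nonce, ciphertext), the function names and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration; layout and names are assumptions, not Kagivault's actual format.
const BLOB_V1 = "\x01"; // hypothetical version byte, also bound as AEAD associated data

function aead_seal(string $plaintext, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES); // 24 bytes
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($plaintext, BLOB_V1, $nonce, $key);
    return BLOB_V1 . $nonce . $ct;
}

function aead_open(string $blob, string $key): string {
    $n = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    if (strlen($blob) < 1 + $n + SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES || $blob[0] !== BLOB_V1) {
        throw new RuntimeException('unsupported or truncated blob');
    }
    $pt = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($blob, 1 + $n), BLOB_V1, substr($blob, 1, $n), $key);
    if ($pt === false) { // wrong key, or the version byte, nonce or ciphertext was altered
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

function kek_from_password(string $password, string $salt): string {
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES, $password, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13);
}

// Setup: only the salt and the sealed blobs are stored; password and DEK are not.
$salt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
$dek = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
$wrappedDek = aead_seal($dek, kek_from_password('constructed vault password', $salt));
$recoveryKey = sodium_crypto_aead_xchacha20poly1305_ietf_keygen(); // shown to the admin once
$wrappedDekRecovery = aead_seal($dek, $recoveryKey); // second, independent wrap of the same DEK
$storedApiKey = aead_seal('sk-constructed-example-key', $dek);
sodium_memzero($dek); // lock: wipe the DEK from memory

// Unlock with the password, then decrypt the stored API key.
$dek = aead_open($wrappedDek, kek_from_password('constructed vault password', $salt));
echo aead_open($storedApiKey, $dek), PHP_EOL;
var_dump(hash_equals($dek, aead_open($wrappedDekRecovery, $recoveryKey))); // recovery path

try { // a wrong password derives a different key, so the AEAD tag check fails
    aead_open($wrappedDek, kek_from_password('wrong password', $salt));
} catch (RuntimeException $e) {
    echo 'still locked: ', $e->getMessage(), PHP_EOL;
}
```

Because the DEK is wrapped rather than derived, changing the vault password only requires re-wrapping the DEK; the encrypted API key rows stay untouched.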
Requirements
WordPress 7.0 or newer (uses the Connectors API introduced in 7.0)
PHP 8.3 or newer
PHP sodium extension with XChaCha20-Poly1305 AEAD (sodium_crypto_aead_xchacha20poly1305_ietf_encrypt)
PHP sodium extension with Argon2id (SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13, requires libsodium 1.0.13+)
The bundled sodium extension shipped with PHP 8.3+ on most platforms (Debian/Ubuntu php-sodium, RHEL php-sodium, Alpine php-sodium, Windows official builds) includes both capabilities. The plugin refuses to activate and surfaces a clear admin notice if either is unavailable.
Privacy Policy
Kagivault does NOT:
Send any data to external servers
Track users
Use cookies for tracking
Share data with third parties
Kagivault DOES:
Process and store encrypted API keys locally on your server (wp_options)
Keep the data-encryption key only in a short-lived transient that expires after the configured idle timeout
Support
For support, bug reports, or feature requests:
Website: https://github.com/benridane/kagivault
Development
Development happens on GitHub. Pull requests welcome!
Follow WordPress coding standards
All code must pass wp plugin check kagivault
