A 10-minute tutorial that covers how we manage servers, store AES-256 secrets, and maintain persistent AI memory in a production environment.

Why this article exists
There are now many different Ai tools out there in the market, various ways of structuring and remembering your data, and levels of control. We have found a hybrid method that is slightly different from the current code tools or cron job agentic AI bots out there.

And one that gives you back time but with complete control.

People who install VEKTOR use it for a number of different reasons; remembering things between Claude sessions is a common one. But that’s also approximately 20% of what the system can do.

The other 80% lives in three capabilities that most users install, glance at, but do not realise the true potential they are holding: the credential vault, the SSH execution layer, and the memory namespace system that ties it all together.

We call the combination hybrid memory — because it describes what’s actually happening. Local SQLite for speed. AES-256 encryption for security. Semantic recall for relevance. SSH approval gates for safety. A credential vault that keeps your secrets out of plaintext and out of your chat history. All of it wired together so that Claude goes from a capable-but-stateless assistant into something that knows your infrastructure, remembers your decisions, and asks before it does anything irreversible.

This tutorial is what we actually do every day. The commands below are the commands running against a real Ubuntu VPS right now in production.

By the end of this you will:

• Never type a password or API key into a chat window again
• Give Claude SSH access to your servers with a human-in-the-loop approval gate
• Have a memory system that knows your project decisions, your credentials map, and your server topology — and recalls them in under 8ms
• A free Claude skill file available now for anyone to get you started

Setup takes about 10 minutes. The habits take a week to form. After that, you won’t want to go back to the old world; it's just too powerful.

The mental model before we touch a terminal

Most people think of AI memory as a chat log. Long-term. Persistent. Searchable.

That’s not what this is.

A chat log is a transcript. It gets longer over time, harder to search, and eventually you’re piping ten thousand words of context into every prompt and wondering why the token costs are what they are. Transcripts don’t age well. They don’t distinguish between a decision you made last week and a half-formed idea you typed at 2am and never followed up on.

VEKTOR Memory treats memory the way it actually needs to be treated:

MEMORY ARCHITECTURE

LAYER 1 — WORKING MEMORY (current session)
The active conversation. Fast, temporary. Cleared on session end.
Equivalent: what's in your head right now.
LAYER 2 — EPISODIC MEMORY (vektor_store / vektor_recall)
Facts, decisions, project notes stored from past sessions.
Retrieved by semantic relevance, not keyword match.
Equivalent: "I remember we discussed this last month."
LAYER 3 — SEMANTIC MEMORY (vektor_recall_rrf)
Dual-channel: BM25 keyword + vector search, fused via RRF.
Equivalent: "This reminds me of three other things you've mentioned."
LAYER 4 — CREDENTIAL VAULT (cloak_passport)
AES-256 encrypted. Separate subsystem. Never appears in recall.
Equivalent: a locked safe that only opens when you ask for a specific key.
BACKGROUND — REM CONSOLIDATION (vektor_ingest)
Runs between sessions. Deduplicates. Resolves contradictions.
Decays stale facts. Surfaces patterns.
After six months: not 1,000 raw memories. A compressed model of your work.

The credential vault and the memory store are separate subsystems that never cross. Your API keys never appear in a vektor_recall result. Your server topology memories never expose your SSH credentials. This separation is architectural — it's the thing that makes the whole system safe to actually use.

The credential vault (cloak_passport)

The most common security mistake in AI-assisted development: typing secrets into the chat window.

You do it because it’s convenient. You paste your Anthropic API key, your server password, your OAuth token. The assistant uses it. The session ends. The token is now in your chat history, in your browser’s local storage, potentially in training data you didn’t consent to.

cloak_passport exists specifically to prevent this. It's an AES-256 encrypted key-value vault that lives locally on your machine. You set a value once. Every subsequent session, Claude retrieves it by name — and the raw value never touches the chat window.

CREDENTIAL VAULT STRUCTURE
──────────────────────────────────────────────────────────────────────────
┌─────────────────────────────────────────────────────────────────────┐
│ cloak_passport vault (AES-256, local SQLite) │
│ │
│ KEY VALUE (encrypted, never shown in recall) │
│ ───────────────────── ────────────────────────────────────────── │
│ vps-vektor -----BEGIN RSA PRIVATE KEY----- ... │
│ anthropic-key sk-ant-api03-... │
│ x-bearer-token AAAAAAAAAAAAAAAAAAAAAAAAAAq... │
│ cloudflare-token cfut_5I4cpDUqedf6jy... │
│ db-password [encrypted] │
│ │
│ Access: explicit get/set only │
│ Never appears in: vektor_recall, vektor_search, vektor_context │
└─────────────────────────────────────────────────────────────────────┘

Why AES-256 actually means something

AES-256 is the encryption standard used by the US government to protect classified information, and it’s worth understanding why that matters rather than treating it as a marketing bullet point.

The “256” refers to the key length — 256 bits, which means there are ²²⁵⁶ possible keys. To put that number in context: if every atom in the observable universe were a computer running a trillion attempts per second since the Big Bang, you would have checked an almost incomprehensibly small fraction of the keyspace by now.

Brute-force is not a viable attack. The only currently known approach that meaningfully threatens AES-256 is Grover’s algorithm running on a sufficiently large quantum computer — which would reduce the effective security to AES-128 equivalent, still widely considered unbreakable in practice.

We are not there yet.

The quantum computers that exist in 2026 are nowhere near the scale needed to run Grover’s algorithm against a 256-bit key in any useful timeframe. Your credentials are encrypted at rest with a key derived from your passphrase via PBKDF2 — a slow, intentionally expensive key derivation function that makes offline dictionary attacks prohibitively costly even if someone obtains the raw database file.

The practical upshot: if your machine is compromised, your cloak_passport vault is not automatically compromised with it. An attacker who steals your SQLite file gets encrypted noise without your passphrase — and brute-forcing that passphrase is, by design, extremely slow.

Setting up your first credentials

In Claude, ask it to store your SSH key

Claude will call cloak_passport internally — you never see the raw key in chat

"Store my VPS SSH key as 'vps-myserver' in cloak_passport"

Store an API key

"Store my Anthropic API key as 'anthropic-key' in cloak_passport"

Store a database password

"Store my Postgres password as 'db-prod' in cloak_passport"
Retrieving credentials in subsequent sessions

You never need to paste the key again. Claude calls:

cloak_passport({ action: "get", key: "vps-myserver" })

The value is used internally. It never appears in the response.

You see: "Retrieved SSH key. Connecting to server..."

You do NOT see: the actual key material.

What this looks like in practice

Before cloak_passport, a session that needed server access looked like this:

“Here’s my SSH key: — — -BEGIN RSA PRIVATE KEY — — — MIIEpAIBAAKCAQEA…”

After cloak_passport, it looks like this:

“Connect to my VPS and check the nginx error log.”

That’s the entire change from the user’s side. Claude knows where to find the key. The key never enters the conversation, as it is an input from the CLI tool locally. This is not a minor convenience — it’s the difference between a system you can actually trust and one you’re hoping doesn’t leak.

Hybrid memory: sessions that remember

The word “hybrid” here is specific. It means two things running in parallel:

Local storage — your memories live on your machine, in an encrypted SQLite file. Not in a cloud database. Not on our servers. Yours.
Semantic retrieval — memories are indexed as vectors, not just keywords. When you recall something, you get the most relevant memories for the current context, not the most recently typed ones.
The combination means your Claude session can walk into a conversation about your VPS nginx configuration and immediately surface the decisions you made three weeks ago about why port 3001 is proxied that way — without you having to explain it again.

The namespace system

Not all memories are the same. Work decisions shouldn’t mix with personal notes. Project context shouldn’t bleed into another project. VEKTOR uses namespaces to enforce this:

NAMESPACE ARCHITECTURE
──────────────────────────────────────────────────────────────────────────
work:vektormemory → project decisions, architecture notes, deploys
work:trading-bot → separate project, isolated context
private → personal preferences, private context
public → general knowledge, non-sensitive patterns
Query: "what do I know about the nginx config?"
Result: work:vektormemory memories only
↳ private notes: not included
↳ credentials: never included
↳ other projects: not included
──────────────────────────────────────────────────────────────────────────
How to store a memory

After making a decision, tell Claude to remember it:

"Remember that we proxy port 3001 to vektor-server and
port 3002 to mistral-bridge. Never expose these directly."

Claude calls internally:

vektor_store({
text: "Port 3001 → vektor-server (Node). Port 3002 → mistral-bridge.
Neither exposed directly — always proxied via nginx.",
namespace: "work:vektormemory",
importance: 4,
tags: ["nginx", "infrastructure", "ports"]
})
How recall works across sessions

New session. You say:

"What's our port configuration?"

Claude calls:

vektor_recall({ query: "port configuration nginx proxy" })

Gets back:

"Port 3001 → vektor-server (Node). Port 3002 → mistral-bridge..."

Stored 3 weeks ago. Retrieved in 8ms. You never had to repeat it.

The REM consolidation loop

Every session end triggers a background process that treats your memory the way sleep treats your brain. It deduplicates redundant entries, resolves contradictions (if you stored “we use OpenAI” and later “we switched to Anthropic”, the contradiction is flagged and resolved), and decays stale facts that haven’t been accessed in months.

The result: your memory store gets better with use, not noisier. After six months, you have a precise, compressed model of your work — not a 50,000-item dump of everything you ever typed.

SSH without fear (cloak_ssh_exec)
This is the capability most people are nervous about. Giving Claude SSH access to a production server sounds like something you’d have to be either very confident or very reckless to do.

This is where the HITL (human in the loop) comes in and is built differently from Hermes or OpenClaw derivatives; it is not a cron job loop.

The tier system is what makes it safe:

Setup: storing your SSH key

Store your key in cloak_passport (one time, ever):

"Store my SSH private key for my VPS as 'vps-myserver' in cloak_passport"

From then on, every SSH command uses it by name:

cloak_ssh_exec({
host: "your.server.ip",
username: "ubuntu",
keyName: "vps-myserver", ← key name, not the key itself
command: "sudo nginx -t"
})
A real workflow: checking your server

You: "Check the nginx error log on my VPS"
Claude:
[TIER: READ — auto-executing]
→ sudo tail -50 /var/log/nginx/error.log
→ Returns: last 50 lines of errors
[No approval needed. Read-only.]
You: "Fix the SSL certificate renewal cron"
Claude:
[TIER: WRITE — requires approval]
Preview: sudo crontab -e (modifies crontab)
Backup: /tmp/crontab.bak created
→ Waiting for your approval...
You: approve
Claude:
→ Command executed
→ Backup stored at /tmp/crontab.bak
→ Rollback key: abc123 (call cloak_ssh_rollback if needed)
Multi-step plans with cloak_ssh_plan

For deployments or larger operations, you don’t approve command-by-command. You approve a plan:

You: "Deploy the new nginx config and reload"
Claude:
[SSH PLAN — 3 steps]
Step 1 (READ): nginx -t (test config) — auto-executes
Step 2 (WRITE): cp nginx.conf /etc/nginx/ — needs approval
Step 3 (WRITE): systemctl reload nginx — needs approval

Approve all? [yes/no]
You: yes

Claude executes in order.
If step 2 fails, step 3 does not run.
Backup of nginx.conf taken before step 2.
Rollback key provided.

This is the pattern we use for every VPS change. Not because we don’t trust Claude to make good decisions — it usually does — but because the approval gate forces a moment of deliberate review that catches mistakes before they matter.

How the three systems work together
Individually, each tool is useful. Together, they produce something qualitatively different: an AI session that walks in knowing your infrastructure, retrieves your credentials from a vault, operates your servers safely, and stores what it learned for next time.

Look at it like a hybrid Codex or Claude code session but with gates and it can be used in Claude Cowork as well as a power extension.

Here’s what a real morning session looks like:

1. ORIENTATION (automatic) Claude calls vektor_recall("vps nginx blog deployment") → Gets back: port config, recent changes, pending issues from last session → No briefing needed from you. It already knows where it left off.
2. CREDENTIAL RETRIEVAL (on demand, never in chat) Claude calls cloak_passport.get("vps-myserver") → Gets SSH key internally → Connects to server → You never see the key
3. DIAGNOSIS (READ tier, automatic) sudo tail -20 /var/log/nginx/error.log systemctl status vektor-server df -h → All auto-execute. Results returned. No approval flow.
4. FIX (WRITE tier, approval required) "The disk is at 94%. Clean up old logs?" → Preview shown. You approve. → find /var/log -name "*.gz" -mtime +30 -delete → Backup taken. Rollback key issued.
5. MEMORY UPDATE (automatic on session end) vektor_store("Disk was 94% full on 2026-05-26. Cleaned old compressed logs. Now 71%.") → Next session, Claude knows this happened. → You don't have to explain it again. ────────────────────────────────────────────────────────────────────────── The mental shift is from “I need to brief Claude on my setup every session” to “Claude already knows my setup and asks before it changes anything.”

Setup: getting started in 10 minutes
Step 1 — Install VEKTOR

npm install -g vektor-slipstream
vektor activate YOUR_LICENCE_KEY
Step 2 — Run the setup wizard

vektor setup

vektor activate 09A7R1d5-xxxxxxxxxxxxxxxx
The wizard handles MCP registration automatically. It writes the correct entry to your claude_desktop_config.json. Restart Claude Desktop after it completes.

Step 3 — Store your first credentials

Open a Claude session and say:

"Store my VPS SSH private key as 'vps-main' in cloak_passport"
Claude will prompt you to paste the key. It stores it encrypted. That’s the last time you ever paste it.

Step 4 — Store your first memory

"Remember that my main VPS is at [your IP], runs Ubuntu 22,
and uses nginx as a reverse proxy for a Node.js app on port 3001."
Done. Next session, Claude will know this without you repeating it.

Step 5 — Test SSH access

"Connect to my VPS using the vps-main key and run df -h"
If it works, you’ll get your disk usage back. READ tier — auto-executed, no approval needed. Exactly as it should be.

Step 6 — Run your first write command

"Connect to my VPS and add a comment to the top of /etc/nginx/nginx.conf"
You’ll see the approval flow trigger. The file backs up. You approve. The comment is added. A rollback key is issued.

That’s the full loop.

What you have now

Most Claude users are operating with a powerful engine and the handbrake on. They retype their setup every session, paste secrets into chat windows, and run commands without a safety net, once you have configured your skill file, passport keys and given Claude control, it goes to work only pausing if tasks need HITL approvals.

You now have:

A credential vault that keeps your SSH keys, API tokens, and passwords out of chat history—permanently
A memory system that learns your infrastructure, project decisions, and working patterns and recalls them in under 8ms without you prompting it
SSH access with a three-tier approval gate that auto-executes safe commands, requires confirmation for anything that changes state, and creates rollback snapshots before anything destructive
The system compounds. The more you use it, the more it knows. The more it knows, the less you have to explain. The less you explain, the faster you move.

That’s the actual value of a second brain. Not that it stores things. That it means you never have to think about them again.

Access to Jot/Chat notes are also included:

Jot Note Gui

The free skill file is here for anyone to use: https://vektormemory.com/downloads

VEKTOR Memory is available at vektormemory.com. The MCP server, credential vault, and SSH tools are included in every plan.

Generative Ai Tools
AI
Aes 256
Ai Memory
Password Management