
Deep Dive into Vaults: The Security Component of Anthropic's Claude Managed Agents

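📅 2026-04-11 11:22 · 宝玉 · Artificial Intelligence · 4 min · 4055 characters · Score: 91
Claude · Anthropic · Managed Agents · Vaults · AI Security
📌 One-sentence summary: This post gives a detailed introduction to Vaults, the component in Claude Managed Agents used to securely manage user credentials, and the principles behind its architecture.
📝 Detailed summary: The tweet takes an in-depth look at Vaults, the core security component of Anthropic's newly released Claude Managed Agents (CMA). Vaults solve the key-management problem that arises when an Agent operates third-party services on behalf of users. The core of the design is that credentials are stored outside the sandbox and do not enter Claude's context window, which makes them immune to prompt injection attacks. Developers get secure, automated authentication in three steps: create a Vault, bind credentials, and pass in the vault_id. The feature is currently already on Notion, Sentry and other…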

### 宝玉

@dotey

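Anthropic just released the Claude Managed Agents public beta yesterday. Here is an explainer from Michael Cohen of the API team: when an Agent operates third-party services on behalf of users, how do you manage those account keys securely?

The answer is Vaults.

Vaults is the component in CMA dedicated to managing end-user credentials. Developers create a Vault for each user and store that user's keys for accessing external services (for example, a Linear API key or a GitHub token) in it. After that, each time an Agent session is started, you only need to pass in the corresponding vault_id, and Anthropic's infrastructure automatically injects the credentials when Claude needs to call an external tool.

There is one detail in the security design worth noting: credentials are never read into Claude's context window. In other words, even if someone uses prompt injection to try to get Claude to leak a key, they cannot get it, because the credentials are simply not anywhere Claude can "see". The technical article on Anthropic's engineering blog explains the architecture further: code generated by the Agent runs in a sandbox, while credentials are stored outside the sandbox; when Claude calls MCP tools, authentication is done through a dedicated proxy, and the harness itself never touches any credentials either.

Judging from the code sample, the whole flow is three steps: create a Vault, bind credentials to an MCP server address, and pass in the vault_id when creating a Session. For SaaS scenarios where the same Agent needs to serve multiple users, this is far less work than building your own key management system.

CMA as a whole is currently in public beta, billed at the token cost of API calls plus a session fee of $0.08 per hour. Notion, Rakuten, Asana, and Sentry are already using it. Claude Code also has a built-in claude-api Skill that can guide you through configuring Vaults directly from the command line.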


#### Michael Cohen

@mc_anthropic · 10h ago

i wanna talk more about Claude Managed Agents and the various features that come ready-for-use in the API. i'm gonna be walking through components of CMA step-by-step. one of the biggest questions / points of confusion I've seen is auth! so let's start there.

let's talk about Vaults!

Apr 11, 2026, 3:22 AM


One Sentence Summary

This post provides a detailed look at the Vaults component in Claude Managed Agents and its architectural design for secure user credential management.

Summary

The tweet offers an in-depth analysis of Vaults, a core security component in Anthropic's newly released Claude Managed Agents (CMA). Vaults solve the challenge of managing API keys when Agents act on behalf of users with third-party services. The key design ensures that credentials are stored outside the sandbox and never enter Claude's context window, making them immune to prompt injection attacks. Developers can implement secure automated authentication in three steps: creating a Vault, binding credentials, and passing a vault_id. The feature is already being used by platforms like Notion and Sentry, with billing based on session duration.
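
The isolation property summarized above, as an added conceptual model (not Anthropic's API or code, and not from the original post): credentials sit in a store outside the sandbox, keyed by vault and MCP server address, and a proxy attaches them to outbound tool calls so that only the tool result reaches the model's context. All class, function and URL names, the sample key, and the exact-match binding rule are assumptions made for illustration.

```python
"""Toy model of vault-backed credential injection (illustrative, not Anthropic's API)."""
from dataclasses import dataclass, field

# Constructed sample data: hypothetical vault id, MCP server URL and secret.
VAULT_ID = "vault_demo_user_1"
MCP_URL = "https://mcp.example.test/linear"
SECRET = "sk-constructed-demo-key"


@dataclass
class VaultStore:
    """Lives outside the sandbox; maps (vault_id, MCP server URL) -> credential."""
    _creds: dict = field(default_factory=dict)

    def bind(self, vault_id, server_url, secret):
        self._creds[(vault_id, server_url)] = secret

    def lookup(self, vault_id, server_url):
        return self._creds.get((vault_id, server_url))


def fake_mcp_server(url, headers, tool, args):
    """Stand-in upstream: authorizes on the header, never echoes it back."""
    if url == MCP_URL and headers.get("Authorization") == f"Bearer {SECRET}":
        return {"status": 200, "result": f"{tool} ok"}
    return {"status": 401, "result": "unauthorized"}


class AuthProxy:
    """The only component that reads the store; adds auth to outbound calls."""
    def __init__(self, store):
        self._store = store

    def call_tool(self, vault_id, server_url, tool, args):
        headers = {}
        secret = self._store.lookup(vault_id, server_url)
        if secret is not None:  # assumed rule: exact binding match, else no header
            headers["Authorization"] = f"Bearer {secret}"
        return fake_mcp_server(server_url, headers, tool, args)


def run_session(proxy, vault_id, tool_calls):
    """Model-side view: the context holds the vault_id and tool results only."""
    context = [f"session vault_id={vault_id}"]
    for server_url, tool, args in tool_calls:
        context.append(str(proxy.call_tool(vault_id, server_url, tool, args)))
    return context
```

In this model the session transcript never contains the secret, and a tool call aimed at a server the credential was not bound to goes out unauthenticated.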


Published: 2026-04-11 11:22:33 · Indexed: 2026-04-11 14:00:34
