A 10-minute tutorial that covers how we manage servers, store AES-256 secrets, and maintain persistent AI memory in a production environment.
Why this article exists
There are now many different Ai tools out there in the market, various ways of structuring and remembering your data, and levels of control. We have found a hybrid method that is slightly different from the current code tools or cron job agentic AI bots out there.
And one that gives you back time but with complete control.
People who install VEKTOR use it for a number of different reasons; remembering things between Claude sessions is a common one. But thatβs also approximately 20% of what the system can do.
The other 80% lives in three capabilities that most users install, glance at, but do not realise the true potential they are holding: the credential vault, the SSH execution layer, and the memory namespace system that ties it all together.
We call the combination hybrid memory β because it describes whatβs actually happening. Local SQLite for speed. AES-256 encryption for security. Semantic recall for relevance. SSH approval gates for safety. A credential vault that keeps your secrets out of plaintext and out of your chat history. All of it wired together so that Claude goes from a capable-but-stateless assistant into something that knows your infrastructure, remembers your decisions, and asks before it does anything irreversible.
This tutorial is what we actually do every day. The commands below are the commands running against a real Ubuntu VPS right now in production.
By the end of this you will:
Setup takes about 10 minutes. The habits take a week to form. After that, you wonβt want to go back to the old world; it's just too powerful.
The mental model before we touch a terminal
Most people think of AI memory as a chat log. Long-term. Persistent. Searchable.
Thatβs not what this is.
A chat log is a transcript. It gets longer over time, harder to search, and eventually youβre piping ten thousand words of context into every prompt and wondering why the token costs are what they are. Transcripts donβt age well. They donβt distinguish between a decision you made last week and a half-formed idea you typed at 2am and never followed up on.
VEKTOR Memory treats memory the way it actually needs to be treated:
MEMORY ARCHITECTURE
LAYER 1 β WORKING MEMORY (current session)
The active conversation. Fast, temporary. Cleared on session end.
Equivalent: what's in your head right now.
LAYER 2 β EPISODIC MEMORY (vektor_store / vektor_recall)
Facts, decisions, project notes stored from past sessions.
Retrieved by semantic relevance, not keyword match.
Equivalent: "I remember we discussed this last month." LAYER 3 β SEMANTIC MEMORY (vektor_recall_rrf)
Dual-channel: BM25 keyword + vector search, fused via RRF.
Equivalent: "This reminds me of three other things you've mentioned." LAYER 4 β CREDENTIAL VAULT (cloak_passport)
AES-256 encrypted. Separate subsystem. Never appears in recall.
Equivalent: a locked safe that only opens when you ask for a specific key.
BACKGROUND β REM CONSOLIDATION (vektor_ingest)
Runs between sessions. Deduplicates. Resolves contradictions.
Decays stale facts. Surfaces patterns.
After six months: not 1,000 raw memories. A compressed model of your work.
The credential vault and the memory store are separate subsystems that never cross. Your API keys never appear in a vektor_recall result. Your server topology memories never expose your SSH credentials. This separation is architectural β it's the thing that makes the whole system safe to actually use.
The credential vault (cloak_passport)
The most common security mistake in AI-assisted development: typing secrets into the chat window.
You do it because itβs convenient. You paste your Anthropic API key, your server password, your OAuth token. The assistant uses it. The session ends. The token is now in your chat history, in your browserβs local storage, potentially in training data you didnβt consent to.
cloak_passport exists specifically to prevent this. It's an AES-256 encrypted key-value vault that lives locally on your machine. You set a value once. Every subsequent session, Claude retrieves it by name β and the raw value never touches the chat window.
CREDENTIAL VAULT STRUCTURE
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β cloak_passport vault (AES-256, local SQLite) β β β
β KEY VALUE (encrypted, never shown in recall) β
β βββββββββββββββββββββ ββββββββββββββββββββββββββββββββββββββββββ β
β vps-vektor -----BEGIN RSA PRIVATE KEY----- ... β
β anthropic-key sk-ant-api03-... β
β x-bearer-token AAAAAAAAAAAAAAAAAAAAAAAAAAq... β
β cloudflare-token cfut_5I4cpDUqedf6jy... β
β db-password [encrypted] β β β
β Access: explicit get/set only β
β Never appears in: vektor_recall, vektor_search, vektor_context β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Why AES-256 actually means something
AES-256 is the encryption standard used by the US government to protect classified information, and itβs worth understanding why that matters rather than treating it as a marketing bullet point.
The β256β refers to the key length β 256 bits, which means there are Β²Β²β΅βΆ possible keys. To put that number in context: if every atom in the observable universe were a computer running a trillion attempts per second since the Big Bang, you would have checked an almost incomprehensibly small fraction of the keyspace by now.
Brute-force is not a viable attack. The only currently known approach that meaningfully threatens AES-256 is Groverβs algorithm running on a sufficiently large quantum computer β which would reduce the effective security to AES-128 equivalent, still widely considered unbreakable in practice.
We are not there yet.
The quantum computers that exist in 2026 are nowhere near the scale needed to run Groverβs algorithm against a 256-bit key in any useful timeframe. Your credentials are encrypted at rest with a key derived from your passphrase via PBKDF2 β a slow, intentionally expensive key derivation function that makes offline dictionary attacks prohibitively costly even if someone obtains the raw database file.
The practical upshot: if your machine is compromised, your cloak_passport vault is not automatically compromised with it. An attacker who steals your SQLite file gets encrypted noise without your passphrase β and brute-forcing that passphrase is, by design, extremely slow.
Setting up your first credentials
"Store my VPS SSH key as 'vps-myserver' in cloak_passport"
"Store my Anthropic API key as 'anthropic-key' in cloak_passport"
"Store my Postgres password as 'db-prod' in cloak_passport"
Retrieving credentials in subsequent sessions
cloak_passport({ action: "get", key: "vps-myserver" }) What this looks like in practice
Before cloak_passport, a session that needed server access looked like this:
βHereβs my SSH key: β β -BEGIN RSA PRIVATE KEY β β β MIIEpAIBAAKCAQEAβ¦β
After cloak_passport, it looks like this:
βConnect to my VPS and check the nginx error log.β
Thatβs the entire change from the userβs side. Claude knows where to find the key. The key never enters the conversation, as it is an input from the CLI tool locally. This is not a minor convenience β itβs the difference between a system you can actually trust and one youβre hoping doesnβt leak.
Hybrid memory: sessions that remember
The word βhybridβ here is specific. It means two things running in parallel:
Local storage β your memories live on your machine, in an encrypted SQLite file. Not in a cloud database. Not on our servers. Yours.
Semantic retrieval β memories are indexed as vectors, not just keywords. When you recall something, you get the most relevant memories for the current context, not the most recently typed ones.
The combination means your Claude session can walk into a conversation about your VPS nginx configuration and immediately surface the decisions you made three weeks ago about why port 3001 is proxied that way β without you having to explain it again.
The namespace system
Not all memories are the same. Work decisions shouldnβt mix with personal notes. Project context shouldnβt bleed into another project. VEKTOR uses namespaces to enforce this:
NAMESPACE ARCHITECTURE
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
work:vektormemory β project decisions, architecture notes, deploys
work:trading-bot β separate project, isolated context
private β personal preferences, private context
public β general knowledge, non-sensitive patterns
Query: "what do I know about the nginx config?"
Result: work:vektormemory memories only
β³ private notes: not included
β³ credentials: never included
β³ other projects: not included
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
How to store a memory
"Remember that we proxy port 3001 to vektor-server and
port 3002 to mistral-bridge. Never expose these directly."
vektor_store({
text: "Port 3001 β vektor-server (Node). Port 3002 β mistral-bridge.
Neither exposed directly β always proxied via nginx.",
namespace: "work:vektormemory",
importance: 4,
tags: ["nginx", "infrastructure", "ports"]
})
How recall works across sessions
"What's our port configuration?"
vektor_recall({ query: "port configuration nginx proxy" })
"Port 3001 β vektor-server (Node). Port 3002 β mistral-bridge..."
The REM consolidation loop
Every session end triggers a background process that treats your memory the way sleep treats your brain. It deduplicates redundant entries, resolves contradictions (if you stored βwe use OpenAIβ and later βwe switched to Anthropicβ, the contradiction is flagged and resolved), and decays stale facts that havenβt been accessed in months.
The result: your memory store gets better with use, not noisier. After six months, you have a precise, compressed model of your work β not a 50,000-item dump of everything you ever typed.
SSH without fear (cloak_ssh_exec) This is the capability most people are nervous about. Giving Claude SSH access to a production server sounds like something youβd have to be either very confident or very reckless to do.
This is where the HITL (human in the loop) comes in and is built differently from Hermes or OpenClaw derivatives; it is not a cron job loop.
The tier system is what makes it safe:
THE THREE-TIER EXECUTION MODEL
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
TIER: READ
Auto-executes. No approval needed.
Examples: ls, cat, ps, df, grep, curl GET, nginx -t, systemctl status
Risk level: zero. You can't break anything by reading.
TIER: WRITE
Requires your explicit approval before running.
Auto-backs up affected files before execution.
Examples: sed -i, nginx reload, npm install, writing configs, curl POST
Risk level: low-medium. Reversible with the backup.
TIER: DESTRUCTIVE
Requires approval + creates full rollback snapshot.
Examples: rm -rf, DROP TABLE, crontab -r, systemctl disable Risk level: high. But you have a rollback key.
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Every command is classified automatically before it runs. You never have to decide the tier β the system does it. What you decide is whether to approve the ones that need approval.
Setup: storing your SSH key
"Store my SSH private key for my VPS as 'vps-myserver' in cloak_passport"
cloak_ssh_exec({
host: "your.server.ip",
username: "ubuntu",
keyName: "vps-myserver", β key name, not the key itself
command: "sudo nginx -t"
})
A real workflow: checking your server
You: "Check the nginx error log on my VPS" Claude:
[TIER: READ β auto-executing] β sudo tail -50 /var/log/nginx/error.log
β Returns: last 50 lines of errors
[No approval needed. Read-only.]
You: "Fix the SSL certificate renewal cron"
Claude:
[TIER: WRITE β requires approval]
Preview: sudo crontab -e (modifies crontab)
Backup: /tmp/crontab.bak created
β Waiting for your approval...
You: approve
Claude:
β Command executed
β Backup stored at /tmp/crontab.bak
β Rollback key: abc123 (call cloak_ssh_rollback if needed) Multi-step plans with cloak_ssh_plan
For deployments or larger operations, you donβt approve command-by-command. You approve a plan:
You: "Deploy the new nginx config and reload"
Claude:
[SSH PLAN β 3 steps]
Step 1 (READ): nginx -t (test config) β auto-executes
Step 2 (WRITE): cp nginx.conf /etc/nginx/ β needs approval
Step 3 (WRITE): systemctl reload nginx β needs approval
Approve all? [yes/no]
You: yes
Claude executes in order.
If step 2 fails, step 3 does not run. Backup of nginx.conf taken before step 2.
Rollback key provided.
This is the pattern we use for every VPS change. Not because we donβt trust Claude to make good decisions β it usually does β but because the approval gate forces a moment of deliberate review that catches mistakes before they matter.
How the three systems work together
Individually, each tool is useful. Together, they produce something qualitatively different: an AI session that walks in knowing your infrastructure, retrieves your credentials from a vault, operates your servers safely, and stores what it learned for next time.
Look at it like a hybrid Codex or Claude code session but with gates and it can be used in Claude Cowork as well as a power extension.
Hereβs what a real morning session looks like:
Setup: getting started in 10 minutes
Step 1 β Install VEKTOR
npm install -g vektor-slipstream vektor activate YOUR_LICENCE_KEY
Step 2 β Run the setup wizard
vektor setup
vektor activate 09A7R1d5-xxxxxxxxxxxxxxxx
The wizard handles MCP registration automatically. It writes the correct entry to your claude_desktop_config.json. Restart Claude Desktop after it completes.
Step 3 β Store your first credentials
Open a Claude session and say:
"Store my VPS SSH private key as 'vps-main' in cloak_passport"
Claude will prompt you to paste the key. It stores it encrypted. Thatβs the last time you ever paste it.
Step 4 β Store your first memory
"Remember that my main VPS is at [your IP], runs Ubuntu 22,
and uses nginx as a reverse proxy for a Node.js app on port 3001."
Done. Next session, Claude will know this without you repeating it.
Step 5 β Test SSH access
"Connect to my VPS using the vps-main key and run df -h"
If it works, youβll get your disk usage back. READ tier β auto-executed, no approval needed. Exactly as it should be. Step 6 β Run your first write command
"Connect to my VPS and add a comment to the top of /etc/nginx/nginx.conf"
Youβll see the approval flow trigger. The file backs up. You approve. The comment is added. A rollback key is issued.
Thatβs the full loop.
What you have now
Most Claude users are operating with a powerful engine and the handbrake on. They retype their setup every session, paste secrets into chat windows, and run commands without a safety net, once you have configured your skill file, passport keys and given Claude control, it goes to work only pausing if tasks need HITL approvals.
You now have:
A credential vault that keeps your SSH keys, API tokens, and passwords out of chat historyβpermanently
A memory system that learns your infrastructure, project decisions, and working patterns and recalls them in under 8ms without you prompting it
SSH access with a three-tier approval gate that auto-executes safe commands, requires confirmation for anything that changes state, and creates rollback snapshots before anything destructive
The system compounds. The more you use it, the more it knows. The more it knows, the less you have to explain. The less you explain, the faster you move.
Thatβs the actual value of a second brain. Not that it stores things. That it means you never have to think about them again.
Access to Jot/Chat notes are also included:
Jot Note Gui
The free skill file is here for anyone to use: https://vektormemory.com/downloads
VEKTOR Memory is available at vektormemory.com. The MCP server, credential vault, and SSH tools are included in every plan.
Generative Ai Tools
AI
Aes 256
Ai Memory
Password Management