UnveilTech

UnveilPass Integrations Guide: CLI, SDKs, VS Code, Slack and Agent Gateway

April 11, 2026 · 12 min read

UnveilPass started as a browser password manager, but today it reaches far beyond the browser. Developers, DevOps engineers and teams now need to access credentials from terminals, CI/CD pipelines, Python and Node.js scripts, code editors and chat platforms. To cover these use cases, UnveilPass ships six official integrations — all built on top of the same zero-knowledge vault.

This guide walks through every integration that is available today, with installation steps and practical usage examples. All of them preserve the zero-knowledge architecture: the server never sees plaintext credentials, and decryption happens on the client (or is explicitly approved through the Agent Gateway).

Overview

Here is a quick comparison to help you pick the right tool before diving into installation details:

Integration | Best For | Plan
CLI | Terminals, shell scripts, DevOps workflows | Free & Pro
Python SDK | Python apps, data pipelines, automation | Pro
Node.js SDK | JavaScript/TypeScript apps, serverless functions | Pro
VS Code Extension | Coding sessions, inline credential access | Free & Pro
Slack Bot | Team workflows, password generation on demand | Free & Pro
Agent Gateway (REST API) | CI/CD, AI agents, any language without an SDK | Pro

1. Command Line (CLI)

The UnveilPass CLI is a single Go binary that brings your vault to the terminal. It authenticates with an API key and supports searching, retrieving, copying to the clipboard, generating passwords and sending files via SecureSend.

Installation

go install github.com/UnveilTech/unveilpass-cli@latest

If you do not have Go installed, precompiled binaries are available in the GitHub releases. Once installed, authenticate with an API key generated from your account settings:

unveilpass login --api-key UVP_xxxxxxxxxxxxxxxx

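The config is saved to ~/.unveilpass/config.json with mode 0600 (readable only by your user). Because the key is passed as a command-line argument, it can also end up in your shell history and is visible in the process list while the command runs.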
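A check for the file mode stated above, as an added example that is not part of the UnveilPass CLI or the original guide. audit_cli_config is a hypothetical helper; beyond the 0600 mode it also looks at ownership, symlinks and the parent directory, which the guide does not mention.

```python
import os
import stat


def audit_cli_config(path=os.path.expanduser("~/.unveilpass/config.json")):
    """Return a list of findings for the CLI config file; an empty list means it looks like 0600."""
    findings = []
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["is_symlink"]
    if not stat.S_ISREG(st.st_mode):
        return ["not_regular_file"]
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:  # any group/other permission bit is more than 0600 allows
        findings.append("group_or_other_access:%04o" % mode)
    if st.st_uid != os.getuid():
        findings.append("not_owned_by_current_user")
    # A writable parent directory lets another user replace the file itself.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if stat.S_IMODE(parent.st_mode) & 0o022:
        findings.append("parent_dir_group_or_world_writable")
    return findings


if __name__ == "__main__":
    print(audit_cli_config() or "ok")
```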

Usage

# Fetch a credential by site name
unveilpass get github.com

# Search the vault
unveilpass search "staging database"

# List entries, optionally filtered by folder
unveilpass list --folder "AWS"

# Copy a password to the clipboard
unveilpass copy aws-prod

# Generate a password (default 16 chars) or a passphrase
unveilpass gen --length 24
unveilpass gen --passphrase

# Send an encrypted file via SecureSend
unveilpass send report.pdf --ttl 24h --pin 482910 --max-downloads 1

# List active SecureSends
unveilpass sends
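
Tip: The CLI is free for basic use and well suited to shell scripts. Combine it with environment variables: export DB_PASS=$(unveilpass get prod-db --field password) before launching a process. An exported variable is inherited by every child process started from that shell, so set it in the narrowest scope that works.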

2. Python SDK

The Python SDK wraps the Agent Gateway and SecureSend endpoints. It is useful whenever you need to request a credential from inside a Python script with human-in-the-loop approval, or send a file with end-to-end encryption.

Installation

pip install unveilpass pycryptodome

pycryptodome is required for the client-side AES-256-GCM encryption used by SecureSend.

Usage

from unveilpass import UnveilPass

client = UnveilPass(
    api_url="https://unveilpass.com",
    agent_key="uvp_agent_xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
)

# Request a credential — blocks until the manager approves
# or the timeout expires (default 60 seconds).
cred = client.get_credential(
    entry_id="b0f1...",
    reason="Deploying staging",
    ttl=300,
)
print(cred["username"], cred["password"])

# Send an encrypted file via SecureSend
link = client.send_file(
    "report.pdf",
    ttl_hours=24,
    pin="482910",
    message="Quarterly report",
    max_downloads=1,
)
print(link["url"])

Note: Credentials returned by the Agent Gateway are one-time use: once your script reads them, the server clears the stored ciphertext. Cache the value in memory for the duration of your process and never re-request the same credential.

3. Node.js SDK

The Node.js SDK mirrors the Python SDK for JavaScript and TypeScript projects. It has zero runtime dependencies beyond Node's built-in crypto module.

Installation

npm install @unveilpass/sdk

Usage

import { UnveilPass } from '@unveilpass/sdk';

const client = new UnveilPass({
  apiUrl: 'https://unveilpass.com',
  agentKey: 'uvp_agent_xxxxxxxxxxxxxxxxxxxxxxxxxxxx',
});

// Request a credential
const cred = await client.getCredential({
  entryId: 'b0f1...',
  reason: 'Deploying staging',
  ttl: 300,
});
console.log(cred.username, cred.password);

// Send an encrypted file
const link = await client.sendFile('report.pdf', {
  ttlHours: 24,
  pin: '482910',
  message: 'Quarterly report',
  maxDownloads: 1,
});
console.log(link.url);

Both SDKs are published on their respective package registries (pypi.org and npmjs.com). Source code is available on GitHub under UnveilTech/unveilpass-python and UnveilTech/unveilpass-node.

4. VS Code Extension

The VS Code extension brings the vault directly into your editor. It is useful during coding sessions where you regularly need API keys, database passwords or SSH credentials without leaving the IDE.

Installation

Open Quick Open (Ctrl+P, or Cmd+P on macOS) and run:

ext install UnveilTech.unveilpass

Or install directly from the VS Code Marketplace. After installation, sign in from the extension sidebar with your email and master password.

Usage

The Free plan gives you a password generator (fixed 20 characters) with Copy and "Insert at cursor" actions. The Pro plan unlocks the full experience:

Tip: The extension does not save credentials to disk. Closing VS Code or locking the vault clears the decryption key from memory — the next time you need it, you will be prompted for your master password.

5. Slack Bot

The UnveilPass Slack bot adds a /unveilpass slash command to your workspace. Anyone in the channel can generate a secure password in one step, and Pro users can retrieve credentials or send SecureSends without leaving Slack.

Installation

Visit the Integrations page and click Add to Slack. The OAuth flow installs the bot into your workspace and asks for permission to use the slash command. No server-side configuration is required on your end.

Usage

# Generate a 12-character password (Free, ephemeral message)
/unveilpass gen

# Generate a 24-character password (Pro)
/unveilpass gen 24

# Generate a passphrase (Pro)
/unveilpass passphrase

# Look up a vault entry (Pro)
/unveilpass get github.com

By default, responses are sent as ephemeral messages visible only to the user who ran the command, so passwords never leak into the channel history. Pro users can link their Slack workspace to their UnveilPass account to unlock vault access and SecureSend.

Security note: Even though messages are ephemeral, anything typed in Slack eventually passes through Slack's servers. For highly sensitive credentials, prefer the CLI, SDKs or Agent Gateway — those never expose secrets to a third-party chat platform.

6. Agent Gateway (REST API)

The Agent Gateway is the lowest-level integration and the most powerful. It lets any HTTP client — curl, an AI agent, a CI/CD runner, a custom Go/Rust/Java service — request a credential with human-in-the-loop approval. This is the foundation that both SDKs are built on.

How it works

  1. A manager generates an Agent Key in the Manager Console, scoping it to specific entries or folders and optionally an IP whitelist.
  2. Your script sends a POST /agent/request with an X-Agent-Key header; the request body specifies which entry it needs and a reason.
  3. The manager receives a notification and either approves or denies the request in their console. Approved credentials are re-encrypted client-side and sent to the agent.
  4. Your script polls the request until status is approved, then fetches the one-time credential from GET /agent/credential/{id}.

Usage (curl)

# 1. Open a request
REQUEST=$(curl -s -X POST https://unveilpass.com/api/agent/request \
  -H "X-Agent-Key: uvp_agent_xxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"entry_id":"b0f1...","reason":"Deploy staging","ttl_seconds":300}')
REQUEST_ID=$(echo "$REQUEST" | jq -r .id)

# 2. Wait for approval (poll every 2 seconds, give up after 30 polls = 60 seconds)
STATUS=""
for i in $(seq 1 30); do
  STATUS=$(curl -s "https://unveilpass.com/api/agent/request/$REQUEST_ID" \
    -H "X-Agent-Key: uvp_agent_xxxxxxxxxxxxxxxxxxxx" | jq -r .status)
  [ "$STATUS" = "approved" ] && break
  [ "$STATUS" = "denied" ] && exit 1
  sleep 2
done
# Stop here if the request was never approved, instead of polling forever
[ "$STATUS" = "approved" ] || exit 1

# 3. Fetch the credential (one-time consumption)
curl -s "https://unveilpass.com/api/agent/credential/$REQUEST_ID" \
  -H "X-Agent-Key: uvp_agent_xxxxxxxxxxxxxxxxxxxx"

Agent Keys support an auto-approve flag for trusted CI/CD pipelines that cannot wait for human input, and the full flow is logged to the audit trail (agent.request, agent.approve, agent.credential). If your SIEM is configured, every approval is forwarded automatically.
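The audit events named above can be checked for flows that break the request, approve, fetch order. This is an added detection example, not code from UnveilPass or the original guide: the event names come from the guide, while the JSON-lines layout, the field names ts and request_id, and reading ttl_seconds as the window after approval are assumptions.

```python
import json

# Constructed sample audit events. Event names are from the guide; the
# fields ts, request_id and ttl_seconds are assumed for this example.
SAMPLE_LOG = """\
{"ts": 1000, "event": "agent.request", "request_id": "r1", "ttl_seconds": 300}
{"ts": 1010, "event": "agent.approve", "request_id": "r1"}
{"ts": 1015, "event": "agent.credential", "request_id": "r1"}
{"ts": 1020, "event": "agent.credential", "request_id": "r1"}
{"ts": 2000, "event": "agent.request", "request_id": "r2", "ttl_seconds": 300}
{"ts": 2005, "event": "agent.credential", "request_id": "r2"}
{"ts": 3000, "event": "agent.request", "request_id": "r3", "ttl_seconds": 60}
{"ts": 3005, "event": "agent.approve", "request_id": "r3"}
{"ts": 3500, "event": "agent.credential", "request_id": "r3"}
"""


def find_anomalies(lines):
    """Return sorted (request_id, finding) pairs for flows that break the expected order."""
    state = {}        # request_id -> what has been seen so far for that request
    findings = set()
    events = sorted((json.loads(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    for ev in events:
        rid, kind = ev["request_id"], ev["event"]
        st = state.setdefault(
            rid, {"requested": False, "ttl": None, "approved_at": None, "fetches": 0})
        if kind == "agent.request":
            st["requested"], st["ttl"] = True, ev.get("ttl_seconds")
        elif kind == "agent.approve":
            if not st["requested"]:
                findings.add((rid, "approve_without_request"))
            st["approved_at"] = ev["ts"]
        elif kind == "agent.credential":
            st["fetches"] += 1
            if st["approved_at"] is None:
                findings.add((rid, "credential_without_approval"))
            elif st["ttl"] is not None and ev["ts"] > st["approved_at"] + st["ttl"]:
                findings.add((rid, "credential_after_ttl"))
            if st["fetches"] > 1:   # the guide describes credentials as one-time
                findings.add((rid, "credential_fetched_twice"))
    return sorted(findings)


if __name__ == "__main__":
    for rid, finding in find_anomalies(SAMPLE_LOG.splitlines()):
        print(rid, finding)
```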

Tip: If your language has an HTTP client, you can use the Agent Gateway. The Python and Node.js SDKs simply wrap these three calls with a blocking get_credential() helper and sensible defaults.

Choosing the Right Integration

Here is a practical decision guide based on the most common scenarios we see:

All six integrations coexist happily on the same account. Nothing prevents you from using the CLI on your laptop, the VS Code extension in the office, the Slack bot on your phone and an Agent Gateway key in your GitHub Actions workflow — all accessing the same vault, all preserving the same zero-knowledge guarantee.

What About the Rest?

The Integrations page also lists a few cards marked Coming Soon (WordPress, Docker/Kubernetes, native mobile wrappers). Those are on the roadmap but not yet shipped. Everything described in this guide is available today — you can install and test any of them in under five minutes.

Start Building With UnveilPass

Create a free account, generate an API key or Agent Key, and plug UnveilPass into your terminal, editor, pipeline or chat workspace in minutes.
