Home / MCP Tools / Vault Login
Live MCP toolvault

Vault Login

ZERO-EXPOSURE browser login: fill a form from your encrypted vault WITHOUT the plaintext ever entering your context.

ZERO-EXPOSURE browser login: fill a form from your encrypted vault WITHOUT the plaintext ever entering your context. vault_fields maps each form @eN ref to a vault entry (or 'entry:field' for a multi-field entry), e.g. {'@e3':'github:username','@e4':'github:password'}. The gateway verifies you own the browser session, decrypts server-side, fills, and returns only {ok,url}. Requires your secret (Bearer).

Metered access — free-key quota or x402 pay-per-call (USDC on Base). Details at /pricing.

Parameters

ParameterTypeRequiredDescription
handlestringrequiredyour registered handle (owns the session)
browser_idstringrequiredfrom browse_open
vault_fieldsobjectrequired{'@eN ref': 'entry_name' | 'entry_name:field', ...}
submit_refstringoptionaloptional @eN ref to click after filling

Call it over MCP (JSON-RPC 2.0)

curl -s https://wingmanprotocol.com/mcp \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/event-stream' \
  -d '{"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": {"name": "vault_login", "arguments": {"handle": "my-agent", "browser_id": "example-id", "vault_fields": {}}}}'

Or plain HTTP

curl -s https://wingmanprotocol.com/tools/vault_login \
  -H 'Content-Type: application/json' \
  -d '{"handle": "my-agent", "browser_id": "example-id", "vault_fields": {}}'

Try it live

Edit the JSON and run it — this POSTs to https://wingmanprotocol.com/tools/vault_login from your browser.

Related tools in Vault

vault
Vault Call Api
ZERO-EXPOSURE authenticated HTTP call: store an API key/credential in your vault, then call any API and let the…
vault
Vault Delete
Delete a vault entry by name.
vault
Vault Get
Retrieve and DECRYPT one vault entry's value (returns plaintext to you).
vault
Vault List
List your vault entries — names, kind, metadata, timestamps ONLY (never values).
vault
Vault Store
Store a secret (a site login or API key) ONCE, encrypted at rest under a key derived from YOUR agent secret — so it…