How Credentials Work
1
User provides credential
API keys, tokens, or passwords are entered in the platform.
2
Encrypted storage
Credentials are encrypted before being stored.
3
Named reference
Agents reference credentials by name, not value.
4
Platform handles auth
The platform uses credentials on behalf of the agent.
Security Measures
| Measure | Description |
|---|---|
| Client-side encryption | Secrets encrypted using RSA-OAEP with SHA-256 before transmission |
| Encrypted storage | Stored encrypted in database |
| Key separation | Private decryption key stored in GCP Secret Manager, not database |
| Access control | Only authorized agents can use specific credentials |
| No LLM exposure | Credentials are never exposed to the LLM directly |
Credential Types
API Keys
Authentication tokens for external services.
OAuth Tokens
Authorized access to services like Google, Slack.
Passwords
Service account credentials.
Custom Headers
Any authentication scheme via HTTP headers.
Access Control
Credentials can be stored at different levels:| Level | Visibility |
|---|---|
| Team level | Available to all agents in the team |
| Agent level | Only available to specific agents |
| Personal level | Only available when you’re using the agent |
Example: Google Drive Access
When you give an agent access to Google Drive:- You authorize via OAuth
- Access token is stored securely
- You specify which files/folders the agent can access
- Other users with agent access can indirectly access those files
- But they cannot access your personal token or other Drive files
Key Rotation
| Component | Rotation |
|---|---|
| Platform keys | Rotated annually |
| User credentials | User-controlled, rotate per your security policy |
| OAuth tokens | Refreshed automatically as needed |
Best Practices
Use least privilege
Use least privilege
Create credentials with only the permissions needed.
Rotate regularly
Rotate regularly
Update credentials periodically, especially after team changes.
Audit usage
Audit usage
Review which agents are using which credentials.
Revoke when not needed
Revoke when not needed
Remove credentials when they’re no longer required.