A Credential is a sensitive value stored in a vault that Agent Vault attaches to proxied requests. This can be an API key, database credential, password, or any other sensitive material. Each credential has:
  • Key: An UPPER_SNAKE_CASE name (e.g. STRIPE_KEY, GITHUB_TOKEN) for the credential. This is used to reference the credential in services.
  • Value: The credential material, encrypted at rest with AES-256-GCM. Values are only decrypted in memory at proxy time.
Credentials can be referenced in vault services by key name. When an agent makes a proxied request, Agent Vault resolves the key to the real credential value and attaches it to the outbound request.
Credential values are encrypted at rest and only decrypted in memory when needed. Vault members and admins can read credential values via vault credential get or vault credential list --reveal. Agents with the proxy role cannot read credential values — they are only injected at proxy time.
Credentials can be added to a vault in two ways:
  • Automatically: When an agent needs access to a new service, it can raise a proposal that includes the credential slots it needs. You review the proposal, provide the credential values, and approve. This is the recommended workflow for working with Agent Vault.
  • Manually: You can set credentials directly via the CLI before inviting agents. This is useful for pre-configuring a vault with known service credentials.

Store a credential

agent-vault vault credential set STRIPE_KEY=sk_test_abc123 --vault my-vault
The vault credential command (alias: vault creds) uses KEY=VALUE format. Multiple credentials can be set at once (e.g. agent-vault vault credential set A=1 B=2). If STRIPE_KEY already exists, it is overwritten.

Delete a credential

agent-vault vault credential delete STRIPE_KEY --vault my-vault
Permanently removes the credential from the vault.
Every credential key referenced in a vault service must resolve to either an existing credential or a credential slot in the same proposal. If you delete a credential that is still referenced by a service, proxy requests to that host will fail with a 502 error.
Agents can propose new credentials through proposals without ever handling the actual values. There are two flows:
Agent needs a credential from you: The agent creates a proposal with a credential slot (key name, description, and optionally an obtain URL with instructions). You receive a browser link, enter the value, and click “Allow”. The credential is stored encrypted on approval.
{
  "credentials": [{
    "action": "set",
    "key": "STRIPE_KEY",
    "description": "Stripe API key",
    "obtain": "https://dashboard.stripe.com/apikeys",
    "obtain_instructions": "Developers > API Keys > Reveal test key"
  }]
}
Agent generated a credential: If the agent created an API key or received a token during a workflow, it can include the value field in the proposal. You review the proposal and confirm the value is correct before it is stored.
{
  "credentials": [{
    "action": "set",
    "key": "GENERATED_TOKEN",
    "description": "Token generated during setup",
    "value": "tok_abc123"
  }]
}
Each credential slot has an action field: set (add or replace) or delete (remove). Approval atomically applies all credential changes in a single transaction.
Agents can also propose removing credentials they no longer need:
{
  "credentials": [{ "action": "delete", "key": "OLD_API_KEY" }],
  "message": "Remove unused API key"
}
Delete-action slots only require the key field. The credential is removed when you approve the proposal.
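A pre-approval check for the slot rules above, as an added example that is not Agent Vault's own code. The function name, the regex reading of UPPER_SNAKE_CASE, and the caller-supplied existing_keys and referenced_keys sets are assumptions; the proposal is constructed sample input.

```python
import re

# Assumed reading of UPPER_SNAKE_CASE: uppercase letters/digits joined by single underscores.
KEY_RE = re.compile(r"^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*$")
ACTIONS = {"set", "delete"}

# Constructed sample proposal combining the slot shapes shown on this page.
SAMPLE = {"credentials": [
    {"action": "set", "key": "GENERATED_TOKEN", "description": "Token generated during setup", "value": "tok_abc123"},
    {"action": "delete", "key": "OLD_API_KEY"},
]}


def review_proposal(proposal, existing_keys, referenced_keys):
    """Return (problems, keys_after_approval) for a proposal's credential slots.

    existing_keys: keys already stored in the vault (supplied by the caller).
    referenced_keys: keys that vault services reference (supplied by the caller).
    """
    problems = []
    after = set(existing_keys)
    for i, slot in enumerate(proposal.get("credentials", [])):
        key, action = slot.get("key"), slot.get("action")
        if not isinstance(key, str) or not KEY_RE.match(key):
            problems.append(f"slot {i}: key {key!r} is not UPPER_SNAKE_CASE")
            continue
        if action not in ACTIONS:
            problems.append(f"slot {i}: unknown action {action!r}")
            continue
        if action == "set":
            after.add(key)
            if "value" in slot:
                # Agent-generated value: the approver confirms it before it is stored.
                problems.append(f"slot {i}: {key} carries an agent-supplied value to confirm")
        else:
            after.discard(key)
    # Approval applies every slot in one transaction, so check the end state.
    for key in sorted(set(referenced_keys) - after):
        problems.append(f"{key} is still referenced by a service; proxy requests would fail with 502")
    return problems, after


if __name__ == "__main__":
    problems, after = review_proposal(SAMPLE, {"STRIPE_KEY", "OLD_API_KEY"}, {"STRIPE_KEY", "OLD_API_KEY"})
    print("\n".join(problems) or "no findings")
    print("keys after approval:", sorted(after))
```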