Credentials
Securely store passwords, API keys, and tokens that your agent can use without ever seeing the raw values.
Tip: Your agent understands the credential system. Ask it — "What credentials do I have set up?" or "I need to log into Salesforce — help me set up a credential."
Overview
Credentials are encrypted secrets — passwords, API keys, access tokens — that agents can use without ever seeing the raw values. This is a core security feature: even if an AI model behaves unexpectedly, it literally cannot leak credentials it doesn't have access to.
How It Works
The credential system uses a placeholder injection model:
- You create a credential with a name and value (e.g., name: "Gmail Password", value: "my-secret-pass")
- The value is encrypted and stored securely — it never appears in chat, logs, or the AI model's context
- When the agent needs to authenticate, it calls the use_credential tool with the credential name and the target form field
- The system (not the AI) fills the value directly into the form field on the sandbox desktop
- The agent sees only a confirmation that the credential was applied — never the raw value
Agent sees: "Credential 'Gmail Password' applied to password field"
Agent NEVER sees: "my-secret-pass"
This means the AI model cannot echo, print, log, or transmit your secrets. The credential value exists only in the encrypted store and in the form field on the sandbox — never in the AI's context window.
Creating a Credential
- Go to the Credentials tab on your agent's detail page
- Click Add Credential
- Fill in:
  - Name — A descriptive label (e.g., "GitHub Token", "CRM Login")
  - Value — The secret itself (password, API key, token)
- Click Save
The value is encrypted immediately and won't be shown again. Only the name is visible in the UI.
Managing Credentials
Each credential appears as a card in the Credentials tab showing:
- Name — The credential's label
- Created date — When it was added
- Edit button — Update the name or replace the value
- Delete button — Remove the credential (with confirmation dialog)
Editing a Credential
Click Edit on a credential card to:
- Change the name (for better organization)
- Replace the value (the old value is overwritten)
The current value is never displayed — you can only replace it with a new one.
Deleting a Credential
Click Delete to remove a credential. A confirmation dialog appears since this action cannot be undone. If the agent tries to use a deleted credential, it will receive an error.
How the Agent Uses Credentials
When your agent encounters a login form or authentication prompt, it uses the use_credential tool:
- The agent identifies the form field that needs a password/key
- It calls use_credential with the credential name and field location
- The system injects the value directly into the field
- The agent proceeds with the workflow
You can tell your agent which credential to use: "Log into GitHub using my 'GitHub Token' credential" — or the agent can list available credentials and choose the right one.
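The placeholder injection flow from "How It Works" and the tool call described in this section can be modeled in a few lines. This is an added example, not the product's own code: CredentialBroker, SandboxForm, the result fields and the error text are hypothetical, and a plain dictionary stands in for the encrypted store.

```python
# Added illustration: a toy model of placeholder injection. All names here
# (CredentialBroker, SandboxForm, the result fields) are hypothetical.

class SandboxForm:
    """Stands in for a login form on the sandbox desktop."""
    def __init__(self):
        self.fields = {}          # field name -> typed value (system side only)

class CredentialBroker:
    """System-side component; the model never holds a reference to _store."""
    def __init__(self):
        self._store = {}          # assumption: stands in for the encrypted store
        self.transcript = []      # everything that enters the model's context

    def add(self, name, value):
        self._store[name] = value

    def delete(self, name):
        self._store.pop(name, None)

    def list_names(self):
        # The agent may list credentials, but only by name.
        return sorted(self._store)

    def use_credential(self, name, form, field):
        """Tool entry point: fill the field, return only a confirmation."""
        self.transcript.append({"tool_call": "use_credential",
                                "name": name, "field": field})
        if name not in self._store:
            result = {"ok": False, "error": f"Credential '{name}' not found"}
        else:
            form.fields[field] = self._store[name]   # system fills the field
            result = {"ok": True,
                      "message": f"Credential '{name}' applied to {field} field"}
        self.transcript.append({"tool_result": result})
        return result

def context_contains(broker, secret):
    """Leak check: does the secret appear anywhere in model-visible text?"""
    return secret in repr(broker.transcript)

# Constructed sample data, reusing the page's example name and value.
broker, form = CredentialBroker(), SandboxForm()
broker.add("Gmail Password", "my-secret-pass")
applied = broker.use_credential("Gmail Password", form, "password")
broker.delete("Gmail Password")
missing = broker.use_credential("Gmail Password", form, "password")
```

The same leak check works as a regression test for any tool that handles secrets: record everything returned to the model and assert that no stored value appears in it.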
Security Model
| Aspect | How It's Protected |
|---|---|
| Storage | Values are encrypted at rest |
| AI context | Values are never included in the model's context window |
| Chat history | Values never appear in messages or tool results |
| Logs | Values are excluded from all logging |
| Transmission | Values flow directly from encrypted storage to the sandbox form field |
The AI sees only credential names — never values. Even if you asked the agent "What's my GitHub password?", it would have no way to answer because the value doesn't exist in its context.
Best Practices
- Use descriptive names — "Salesforce Production Login" is better than "cred1"
- One credential per service — Don't reuse the same credential across different services
- Rotate regularly — Update credential values when you change passwords or rotate API keys
- Don't put secrets in instructions — Use credentials instead of typing passwords into custom instructions or skill files
- Test after creating — Ask the agent to use the credential on the target login form to verify it works