Add a Credential
Store an API key, token, or other secret securely in your organization. Credentials are encrypted at rest and can be assigned to LLM configurations, skills, tools, and runtimes.
Prerequisites
- Access to the Settings area of your organization
Steps
1. Navigate to Credentials
Open the sidebar and click Settings, then Credentials. You see a grid of credential cards showing any credentials already configured, plus a "Common Credentials" section with pre-defined templates.
2. Choose how to add
You have two options:
Option A: Use a common credential template. The "Common Credentials" section shows curated templates for popular services (OpenAI, Anthropic, Google, GitHub, Slack, and more). Click a template card to instantly create a credential with the correct name, key, type, and category pre-filled. You then fill in the secret values.
Option B: Create a custom credential. Click the "Add your own" card to open the standalone credential form, where you define everything from scratch.
Use templates whenever possible. They set the correct credential type and key name, which ensures tools and LLM configurations can find the credential automatically.
3. Select the credential type
If creating a custom credential, choose the type from the dropdown:
| Type | Fields | Use case |
|---|---|---|
| API Token | token | Single API keys (OpenAI, Anthropic, GitHub) |
| API Key Pair | api_key, api_secret | Services requiring key + secret |
| Username & Password | username, password | Basic auth services |
| Email (SMTP) | host, port, username, password, encryption | Outbound email |
| OAuth 2.0 | client_id, client_secret, access_token, refresh_token | OAuth integrations |
| SSH Key | private_key, public_key, passphrase | SSH connections |
| Custom | Freeform JSON | Anything else |
The form updates dynamically to show the correct fields for the selected type.
4. Enter credential details
Fill in the required fields:
- Name -- A human-readable label (e.g., "OpenAI Production Key")
- Key -- The lookup identifier used by tools and configurations (e.g.,
OPENAI_API_KEY). This must match what consumers expect. - Category -- Organizes credentials in the UI:
llm_provider,mcp_service,runtime,communication, orcustom - Secret fields -- Enter your API key, token, or password values
Password fields are never pre-filled on edit. If you update a credential, leave password fields blank to keep the existing values. Only fill them in to change the stored secret.
5. Save the credential
Click Create Credential (or Update if editing). The credential is encrypted and stored. You are redirected to the credentials index where your new credential appears as a card.
The card shows the credential type, category badge, and a masked summary (e.g., ••••a1b2) so you can confirm it was saved without exposing the secret.
6. Assign the credential to consumers
Credentials are linked to consumers through credential assignments. You assign them from the consumer's edit form:
- LLM Configuration -- Select the credential when configuring an LLM (see Configure an LLM)
- Skill -- Assign credentials in the skill edit form (see Create a Skill)
- Tool Definition -- Assign from the tool's settings
- Runtime -- Select when configuring a runtime
7. Delete a credential
Click a credential card to open the edit modal, then click Delete. A confirmation message lists all affected consumers (e.g., "2 LLM configs unlinked, 1 skill updated") so you understand the impact before confirming.
What's next
- Configure an LLM to use the credential with an AI model
- Create a Skill to bundle the credential with tools
- Connect an MCP Server to add external tool servers