POST /api/v1/cloud/vaults/{vault_id}/credentials
Adds a new MCP server credential to the specified vault.
Path parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
vault_id | string | Yes | Vault unique identifier |
Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer $QODER_PAT |
Content-Type | Yes | application/json |
Request body
| Field | Type | Required | Description |
|---|---|---|---|
auth | object | Yes | Credential authentication details. See Credential auth object |
display_name | string | No | Accepted for compatibility; currently returned as null and not persisted |
metadata | object | No | Custom metadata stored with the credential; defaults to {} |
Example request
Example response
HTTP 200 OKResponse fields
| Field | Type | Description |
|---|---|---|
id | string | Credential unique identifier with the vcred_ prefix |
type | string | Always "vault_credential" |
vault_id | string | Owning Vault ID |
auth | object | Sanitized authentication details; secrets are never returned |
display_name | null | Currently always null |
metadata | object | Custom metadata object stored with the credential; defaults to {} |
archived_at | string | null | Archive time, or null when active |
created_at | string | Creation time (ISO 8601) |
updated_at | string | Last update time (ISO 8601) |
Errors
| HTTP | Type | Trigger |
|---|---|---|
| 400 | invalid_request_error | Missing auth, invalid credential type, missing required auth fields, or invalid metadata |
| 401 | TOKEN_INVALID | Missing or invalid authentication token |
| 404 | not_found_error | Vault does not exist or is not accessible |
| 409 | conflict_error | Vault is archived, vault reached the active credential limit, or a duplicate active MCP credential exists |
Notes
- The response does not return credential secrets, including
token,access_token,refresh_token,client_secret, orsecret_value. - A vault can hold up to 20 active credentials.
- Credentials are
activeimmediately after creation.
Related
Authenticate with vaults
Store and inject secrets safely into agent sessions.