Core concepts
| Concept | Description |
|---|---|
| Vault | A credential container that can hold multiple Credentials |
| Credential | A single credential bound to a specific MCP server URL |
auth.type | Credential auth type: static_bearer, mcp_oauth, or environment_variable |
vault_ids | The list of Vault IDs referenced when creating a Session |
Security
access_tokenis never returned in API responses.- Other secrets such as
token,refresh_token,client_secret, andsecret_valueare also never returned. - Credentials are encrypted at rest.
- Only the linked Sessions can read credential contents at runtime.
End-to-end flow
Append a credential
Add credentials to a Vault with nested The response returns
auth:type: "vault_credential" and a sanitized auth object. It does not include secret values.Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
display_name | string | Yes | Display name for the Vault |
metadata | object | No | Custom metadata |
auth.type | string | Yes for credentials | static_bearer, mcp_oauth, or environment_variable |
auth.mcp_server_url | string | Yes for MCP credentials | MCP server URL |
auth.token | string | Yes for static_bearer | Bearer token value; write-only |
FAQ
Q: Can I update a Credential’s token? A: Rotate by deleting the old Credential and creating a new one. Q: How many Vaults can a Session reference? A: There’s no hard limit, but group by service for clarity. Q: My token leaked. What now? A: Delete the Credential immediately, revoke the token in the third-party platform, and create a new Credential. Q: Can I read stored tokens? A: No. For security, credential secrets are write-only — you can only delete and recreate.Use separate Vaults per environment (development vs. production) to avoid mixing credentials.
Next steps
Start a session
Run an agent against an environment.
Agent setup
Review Agent configuration.
Build persistent memory
Give your agent persistent memory across sessions.
Cloud environment setup
Customize the runtime.