Credentials
Encrypted secrets the agent can use when calling external infrastructure tools — SSH hosts, Proxmox / Caddy / Cloudflare APIs, any HTTP endpoint behind a token.
Stored credentials
Loading…
How this works
Secrets are sealed with AES-256-GCM before they hit the database. They never leave the server — list responses only show metadata. Delete a credential and the matching infra tool stops auto-mounting on the next chat turn.
Encryption uses the same SECRETS_KEY env var as your provider keys.