Skip to main content

Manage Credentials

Overview

To do anything useful, your agents need access to external tools like email, calendars, and code repositories. Credentials are how you grant that access securely.

The Manage Credentials section serves as the central vault for managing these authorizations. It provides a global view of every external service connected to your VibeAgent account, allowing you to audit access, revoke permissions, or update expired tokens.

info

Contextual vs. Global

  • Create credentials on the canvas while building your flow (Contextual).
  • Manage credentials here in the settings to audit or revoke access (Global).

1. Creating Keys

VibeAgent is designed for speed. You do not need to leave your workflow to set up a new tool. Authentication is handled directly on the node itself.

  • The Workflow: When you drag a tool (like Gmail or GitHub) onto the canvas, it will show a No Auth badge.
  • Setup: Clicking the Auth button (Key Icon) opens the settings modal.
  • Action: You can select an existing credential from the dropdown or click + Add New to launch the secure OAuth popup immediately.

Once authenticated, the node badge turns Auth, indicating the connection is active and ready for deployment.

2. Managing Credentials

As you build more agents, you will accumulate various connections. The Manage Credentials page allows you to oversee this library.

Accessing the Vault

  1. Navigate to the Manage Credentials tab in the left sidebar.
  2. Here, you will see a list of all active providers (Github, Gmail, Calendar, etc.) and the specific accounts connected to them.

Managing Connections

  • Add New: Click the blue + Add Credential button in the top right to pre-authorize a new service before using it in a flow.
  • Audit: Check the Provider and Name columns to see exactly which email address is connected to which service.
  • Revoke/Delete: Click the three dots (⋮) next to any credential and select Delete. This immediately invalidates the token, preventing any agent using that key from accessing your data.

Security Architecture

VibeAgent prioritizes the security of your private data:

  • OAuth Standard: Whenever possible, we use OAuth2 flows (the standard "Sign in with Google" popups) so we never see or store your actual passwords.
  • Token Encryption: Access tokens are encrypted at rest.
  • Scope Isolation: Credentials are scoped. Granting access to "Read Emails" does not inherently grant access to "Delete Files" unless explicitly requested by the specific tool.