Credentials & Secrets

Securely manage API keys, OAuth tokens, database connections, and other sensitive data.

Overview

Credentials let you store sensitive information — API keys, OAuth tokens, database passwords, and other secrets — separately from your workflow definitions. This keeps secrets secure and makes them reusable across multiple workflows.

Encrypted storage — Secrets are encrypted at rest with AES-256.

Reusable — Use the same credential across multiple workflows without duplicating sensitive data.

Access control — Credentials are scoped to organizations with role-based access.

Creating Credentials

From the UI
  1. Open a node that requires authentication (e.g., HTTP Request, Database)
  2. Click the Credential dropdown
  3. Select Create New
  4. Fill in the required fields (API key, connection string, etc.)
  5. Give the credential a memorable name
  6. Click Save
Via API
Terminal

Credential Types

API Key
Simple authentication with a single key
OAuth2
OAuth 2.0 with access and refresh tokens
Database
Connection strings for PostgreSQL, MySQL, MongoDB, Redis
Basic Auth
Username and password

Security

Encryption

At Rest

All credentials are encrypted with AES-256-GCM before storage

In Transit

TLS 1.3 for all API communication

Key Management

Encryption keys are stored separately and rotated regularly

Best Practices
  • Use descriptive names to identify credentials easily
  • Create separate credentials for development and production
  • Rotate API keys and tokens regularly
  • Use least-privilege principle for database users
  • Never hardcode secrets in workflow expressions

Using in Workflows

Selecting Credentials

When configuring a node that requires authentication, select the appropriate credential from the dropdown. The credential fields will be automatically injected into the request.

Expression Access
Access credential data in expressions (advanced)
← Back to documentation