vodorod/Dorod-Sky
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
f5cf80a1beecdd593091c99172fca1632fcbceb3
Dorod-Sky/docs/cloud/managing-credentials/credentials-overview.mdx
Naman bf8c7de8f9 cloud ui docs + cookbooks (#4759) 
Co-authored-by: Ritik Sahni <ritiksahni0203@gmail.com>
Co-authored-by: Kunal Mishra <kunalm2345@gmail.com>
2026-02-16 22:14:40 +00:00

97 lines
4.8 KiB
Plaintext
Raw Blame History

---
title: Credentials Overview
subtitle: Securely store login details, payment info, and secrets for your automations
slug: cloud/managing-credentials/credentials-overview
---
The **Credentials** page stores sensitive values — passwords, payment cards, and secrets — so your workflows can use them without you pasting passwords into prompts.
<Note>
Credentials **never reach the LLM**. The AI agent decides *where* to type, but the actual values are injected directly into the browser by the automation layer. Your credentials aren't exposed in prompts, logs, or model provider APIs.
</Note>
<img src="/images/cloud/credentials-overview.png" alt="Credentials page overview" />
## What you can store
**[Password credentials](/cloud/managing-credentials/password-credentials)** — username, password, and optional 2FA configuration. Used with Login blocks to automate full sign-in flows, including two-factor authentication.
**[Credit card credentials](/cloud/managing-credentials/credit-card-credentials)** — payment card details (number, expiration, CVV, cardholder name). Used in workflows that complete purchases or fill billing forms.
**Secret credentials** — a single sensitive string: API key, bearer token, encryption key, or anything you don't want hardcoded. Create one from **+ Add → Secret** and reference it in any parameter field:
```
{{ credential_name.secret_value }}
```
## External credential providers
If your organization already manages secrets in a dedicated vault, reference them directly from **Bitwarden**, **1Password**, or **Azure Key Vault** by adding credential parameters in the [workflow editor](/cloud/building-workflows/add-parameters).
### Bitwarden
Works with hosted Bitwarden and the self-hosted [Vaultwarden](https://github.com/dani-garcia/vaultwarden) fork. Supports passwords, credit cards, and identity data (SSN, address, phone numbers).
Point a credential parameter at a specific vault item using the **Collection ID** and **Item ID** from the Bitwarden web UI. Alternatively, set a **URL Parameter Key** so Bitwarden matches credentials by the target URL — useful when the same workflow runs against different sites.
For identity data, specify an **Identity Key** and a comma-separated list of **Identity Fields** (e.g., `ssn, address, phone`).
### 1Password
Connects via a service account token. Supports passwords and credit cards.
**One-time setup:** Go to **Settings** → find the **1Password** card → paste your [service account token](https://developer.1password.com/docs/service-accounts/get-started/) → click **Update**. The status indicator turns **Active** once validated.
In the workflow editor, select **1Password** as the credential source and provide the **Vault ID** and **Item ID** from your 1Password web URLs.
<Warning>
Credit cards from 1Password need a text field named **"Expire Date"** on the item in `MM/YYYY` format. This is a workaround for how 1Password structures card data.
</Warning>
### Azure Key Vault
Pulls credentials stored as Azure secrets. Supports passwords with optional TOTP.
**One-time setup:** Go to **Settings** → find the **Azure** card → enter your **Tenant ID**, **Client ID**, and **Client Secret** → click **Update**.
In the workflow editor, select **Azure Key Vault** as the credential source and point it at your vault by name. Provide the **secret names** that store the username and password (and optionally a TOTP secret for 2FA) — not the values themselves.
### Which source should you use?
| Source | Best for |
|--------|----------|
| **Skyvern built-in** | Fastest setup — create credentials directly in the UI, no external dependencies |
| **Bitwarden** | Teams already using Bitwarden who don't want to manage credentials in two places |
| **1Password** | Teams already using 1Password with service account access |
| **Azure Key Vault** | Enterprise environments with centrally managed Azure secrets |
You can mix sources within the same workflow — one Login block using Skyvern-stored credentials and another using Azure Key Vault.
## Deleting credentials
Click the **trash icon** on any credential. Deletion is permanent — the Skyvern team can't restore deleted credentials. If a workflow references a deleted credential, it will fail at the login step until you assign a replacement.
<CardGroup cols={3}>
<Card
title="Password Credentials"
icon="key"
href="/cloud/managing-credentials/password-credentials"
>
Store logins with optional 2FA
</Card>
<Card
title="Credit Card Credentials"
icon="credit-card"
href="/cloud/managing-credentials/credit-card-credentials"
>
Store payment details for purchase workflows
</Card>
<Card
title="2FA / TOTP Setup"
icon="shield-halved"
href="/cloud/managing-credentials/totp-setup"
>
Configure and manage two-factor authentication
</Card>
</CardGroup>
Reference in New Issue View Git Blame Copy Permalink