almyty docs — v1
Credentials

The credential vault stores encrypted secrets used by your APIs and tools for authenticated upstream requests. almyty encrypts all credential values at rest and never exposes raw secrets after creation.

Credentials vault

In the UI

  1. Navigate to Settings in the sidebar, then open the Credentials tab
  2. Click Add Credential

Add credential

  1. Select a credential type (API Key, Bearer Token, Basic Auth, OAuth2, JWT, or Custom)
  2. Enter a name and the required fields for that type
  3. Click Save — the raw value is encrypted immediately and cannot be retrieved later
  4. To use a credential, select it from the credential dropdown when configuring an API or tool

Access keys

The Access Keys tab manages keys for CLI and programmatic access to the almyty API itself (separate from gateway API keys).

  1. Open the Access Keys tab
  2. Click Create Access Key
  3. Copy the key immediately — it is shown only once

Via the API

Create a credential

curl -X POST /credentials \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Stripe API Key",
    "type": "api_key",
    "value": "sk_live_...",
    "description": "Production Stripe key"
  }'

List credentials

curl /credentials \
  -H "Authorization: Bearer $TOKEN"

Values are never returned in list or detail responses.

Update a credential

curl -X PATCH /credentials/{id} \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "value": "sk_live_new_..." }'

Delete a credential

curl -X DELETE /credentials/{id} \
  -H "Authorization: Bearer $TOKEN"

Supported types

| Type | Fields | Use case |
| --- | --- | --- |
| api_key | value | Third-party API keys (Stripe, Twilio, etc.) |
| bearer_token | value | Static bearer tokens |
| basic_auth | username, password | HTTP Basic Authentication |
| oauth2 | clientId, clientSecret, tokenUrl, scopes | OAuth2 client credentials flow |
| jwt | secret or privateKey, algorithm | Signed JWT generation |
| custom | headers (key-value map) | Arbitrary headers or custom auth schemes |

Configuration reference

| Field | Type | Description |
| --- | --- | --- |
| name | string | Display name for the credential |
| type | string | One of the supported types above |
| value | string | The secret value (encrypted at rest) |
| description | string | Optional description |
| expiresAt | string | Optional expiry date (ISO 8601) |

Security

  • All values are encrypted with AES-256 using the server’s ENCRYPTION_KEY
  • Raw values are never returned by the API after creation
  • Credentials are scoped to the organization that created them
  • Deleting a credential does not affect historical request logs
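
An added example (not almyty's own code): a Python audit of a credential list response that checks two points from this page, that no secret-bearing field comes back from the API and that each credential has a current expiresAt. The response shape (a JSON array of objects with an "id" field) and the sample data are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Secret-bearing field names from the "Supported types" table on this page.
SECRET_FIELDS = {"value", "password", "clientSecret", "secret", "privateKey"}

# Constructed sample of a list response; the array-of-objects shape and the
# "id" field are assumptions, not documented on this page.
SAMPLE_RESPONSE = json.dumps([
    {"id": "cred_1", "name": "Stripe API Key", "type": "api_key",
     "expiresAt": "2030-01-01T00:00:00Z"},
    {"id": "cred_2", "name": "Legacy token", "type": "bearer_token",
     "expiresAt": "2024-01-15T00:00:00Z"},
    {"id": "cred_3", "name": "Billing basic auth", "type": "basic_auth"},
    {"id": "cred_4", "name": "Leaky", "type": "api_key",
     "value": "constructed-not-a-real-secret", "expiresAt": "2024-02-10T00:00:00+00:00"},
])

def parse_expiry(text):
    """Parse an ISO 8601 timestamp; treat a naive value as UTC."""
    parsed = datetime.fromisoformat(text.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def audit_credentials(response_body, now, warn_days=30):
    """Return a sorted list of (credential id, finding) tuples."""
    findings = []
    for cred in json.loads(response_body):
        cid = cred.get("id", "<no id>")
        leaked = sorted(cred.keys() & SECRET_FIELDS)
        if leaked:
            findings.append((cid, "secret field in response: " + ",".join(leaked)))
        expires = cred.get("expiresAt")
        if not expires:
            findings.append((cid, "no expiresAt set"))
            continue
        try:
            when = parse_expiry(expires)
        except ValueError:
            findings.append((cid, "unparseable expiresAt"))
            continue
        if when <= now:
            findings.append((cid, "expired"))
        elif when - now <= timedelta(days=warn_days):
            findings.append((cid, "expires within %d days" % warn_days))
    return sorted(findings)

if __name__ == "__main__":
    for cid, finding in audit_credentials(SAMPLE_RESPONSE, datetime.now(timezone.utc)):
        print(cid, finding)
```

Only top-level fields are inspected; secrets nested inside another object, such as a custom type's headers map, would need a recursive walk.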