Credentials

A credential is how your AI agents prove they're allowed to access a service. Think of abilities as what agents can do, and credentials as the keys that let them in.

Types of Credentials

OAuth

Used for services like Google, GitHub, and Discord. You click "Connect" and authorize ClankTeam through the service's own login screen. No passwords are stored. ClankTeam receives a token that can be refreshed automatically.

Examples:

  • Google OAuth for Gmail, Drive, Calendar, and Ads access
  • GitHub OAuth for repository and issue access
  • Discord OAuth for bot access

API Key

A secret key you paste in from a service's dashboard. Used for services that don't support OAuth.

Examples:

  • Stripe API key for payment processing
  • Linear API key for project management
  • OpenAI or Anthropic keys for AI model access

Username and Password

Traditional login credentials for services that require them, like SMTP email servers.

File

A credential file you upload, like a GCP service account JSON file.

What You See in the Portal

The credentials page shows a table with:

  • Name: The credential and which service it's for (with the service's logo)
  • Type: OAuth, API Key, Password, or File
  • Status: Whether the credential is active, expired, or needs attention
  • Last Used: When agents last used this credential

You can filter by type and search by name.

Security

Credentials are stored in ClankTeam's secure vault, not in plain text config files. Your agents never see raw secret values. They access services through the credential without the underlying keys being exposed.

Each organization's credentials are completely isolated. A credential stored for one organization is never accessible to another.

When credentials are used at runtime, they're wiped from memory immediately after. They don't linger in logs, crash dumps, or anywhere else.

Managing Credentials

Click any credential to see its details: type, service, when it was last used, when it expires, and connection-specific fields like OAuth scopes.

From the detail view you can:

  • Connect or reconnect an OAuth credential
  • Disconnect a credential to revoke access
  • Delete a credential entirely

When a credential expires or needs attention, you'll see a warning status so you can fix it before your agents lose access.