manage_credential_providers when your organization already stores login credentials in an external vault. Kernel can reference provider items during managed auth flows without storing the secret values directly in Kernel.
The current provider type is onepassword. After you create a provider, use list_items to find the provider-specific credential paths that can be passed to manage_auth_connections.
For 1Password setup and service-account requirements, see 1Password Integration.
Actions
| Action | Description |
|---|---|
list | List configured providers. |
get | Retrieve one provider by ID. |
create | Configure a provider with a service-account token. |
update | Change provider name, token, priority, enabled state, or cache TTL. |
delete | Remove a provider. |
list_items | List available credential items from the provider. |
test | Validate the provider token and list accessible vaults. |
Recommended flow
- Call
createwith a service-account token for the provider. - Call
testto confirm Kernel can access the vaults you expect. - Call
list_itemsto discover credential item paths. - Use
credential_providerwith eithercredential_pathorcredential_autowhen creating an auth connection.
Parameters
| Parameter | Description |
|---|---|
action | Operation to perform. Required. |
id | Credential provider ID. Required for get, update, delete, list_items, and test. |
name | (create, update) Human-readable provider name. Must be unique per organization. |
token | (create) Service-account token. (update) New token to rotate credentials. |
provider_type | (create) Provider type. Currently onepassword. |
cache_ttl_seconds | (create, update) How long to cache credential lists. Default 300. |
enabled | (update) Whether the provider is enabled for credential lookups. |
priority | (update) Priority order for credential lookups. Lower numbers are checked first. |