Use manage_credentials when managed auth needs a username, password, or TOTP secret that Kernel can supply during login. Credential values are never returned by get; reads return metadata only.
Store credentials here when you want Kernel to own the secret material. If your team already keeps secrets in an external vault, use Manage Credential Providers instead.
For credential concepts and field types, see Credentials.
Actions
| Action | Description |
|---|---|
| list | Discover credentials, optionally filtered by domain. |
| get | Return credential metadata. |
| totp_code | Return the current 6-digit TOTP code for credentials with a configured TOTP secret. |
| create | Store a new credential. |
| update | Rename a credential or merge new values. |
| delete | Remove a credential by ID or name. |
Recommended flow
- Call create with the domain, a stable name, and the credential fields.
- Use the credential name in manage_auth_connections when creating a managed login.
- Call totp_code only when the agent needs the current code for a manual step.
- Call update to rotate values or clear optional fields.
Parameters
| Parameter | Description |
|---|---|
| action | Operation to perform. Required. |
| id_or_name | (get, totp_code, update, delete) Credential ID or name. |
| domain | (list) Filter by domain. (create) Target domain this credential is for. |
| name | (create) Unique credential name. (update) New name. |
| values | (create, update) Field name to value mapping, such as username and password. On update, values merge with existing values. |
| sso_provider | (create, update) SSO provider, such as google, github, or microsoft. On update, an empty string clears it. |
| totp_secret | (create, update) Base32-encoded TOTP secret for automatic 2FA. On update, an empty string clears it. |
| limit | (list) Max results per page. Must be 1-100. |
| offset | (list) Pagination offset. Must be 0 or greater. |
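
A client-side pre-flight check for the arguments in the table above, so a malformed TOTP secret or a misplaced parameter is caught before any secret leaves the caller. This is an added example, not Kernel's code: the names build_args, check_base32 and redact are hypothetical, and the Base32 check assumes spaces and missing padding are tolerated.

```python
import base64
import binascii

# Which actions each parameter applies to, copied from the Parameters table.
APPLIES = {
    "id_or_name": {"get", "totp_code", "update", "delete"},
    "domain": {"list", "create"},
    "name": {"create", "update"},
    "values": {"create", "update"},
    "sso_provider": {"create", "update"},
    "totp_secret": {"create", "update"},
    "limit": {"list"},
    "offset": {"list"},
}
ACTIONS = {"list", "get", "totp_code", "create", "update", "delete"}


def check_base32(secret: str) -> None:
    """Raise ValueError unless the secret decodes as non-empty Base32."""
    s = secret.replace(" ", "").upper().rstrip("=")
    try:
        decoded = base64.b32decode(s + "=" * (-len(s) % 8))
    except binascii.Error as exc:
        raise ValueError("totp_secret is not valid Base32") from exc
    if not decoded:
        raise ValueError("totp_secret is empty")


def build_args(action: str, **params) -> dict:
    """Validate arguments against the documented table and return the payload."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    for key in params:
        if action not in APPLIES.get(key, ()):
            raise ValueError(f"{key} does not apply to {action}")
    if "limit" in params and not 1 <= params["limit"] <= 100:
        raise ValueError("limit must be 1-100")
    if "offset" in params and params["offset"] < 0:
        raise ValueError("offset must be 0 or greater")
    secret = params.get("totp_secret")
    # On update, an empty string clears the secret, so it is passed through.
    if secret is not None and not (action == "update" and secret == ""):
        check_base32(secret)
    return {"action": action, **params}


def redact(args: dict) -> dict:
    """Copy of the payload that is safe to log: secret material is masked."""
    return {k: "***" if k in ("values", "totp_secret") and v else v for k, v in args.items()}
```

Log only the output of redact, since the values and totp_secret fields carry the secret material that get never returns.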