Connectors & Credentials

Managing Credentials

Store and manage API keys, tokens, and secrets securely in CRHQ — encrypted at rest with AES-256-GCM.

Credentials are sensitive values — API keys, tokens, passwords — that agents need to access external services. CRHQ stores them securely and provides them to authorized agents on demand.

Viewing Credentials

Go to Settings → Credentials to see all stored credentials. The list shows:

Name — Descriptive label
Service — Which connector it belongs to
Type — API key, token, password
Created — When it was added
Last used — When an agent last accessed it

Actual secret values are never displayed in the UI after creation.

Adding Credentials

Click Add Credential
Enter:

Field	Description
Name	Descriptive label (e.g., "Slack Bot Token")
Service	Associated connector
Value	The secret (API key, token, etc.)
Environment	Production, staging, or development

Save — the value is encrypted immediately

Security

Credentials are protected by multiple layers:

Encryption at rest — AES-256-GCM encryption
Access control — Only authorized agents can retrieve credentials
Audit logging — Every credential access is logged
No exposure — Agents are instructed never to output credentials in conversations
Server-side only — Credentials never leave your server

Warning: Never paste credentials directly into a conversation. Always store them through Settings → Credentials and let agents access them through the proper credential system.

Updating Credentials

Click a credential to update its value (e.g., when rotating API keys). The old value is replaced immediately.

Deleting Credentials

Remove credentials that are no longer needed. Ensure no active connectors depend on them first.

What's Next

Access ControlConnectors & Credentials Connectors OverviewConnectors & Credentials

← PreviousOverview Next →Access Control