Credential Handling
Effective date: March 31, 2026
This page explains how Agent handles passwords, tokens, API keys, and other secrets.
The short version
Use the right path for the right kind of secret:
- website passwords and one-time codes go in the secure desktop
- API keys, tokens, and command-line credentials go in Secrets
- normal chat is not for raw secrets
What chat does
Normal chat is saved and processed like normal conversation. Because of that, the product blocks obvious secrets before they are sent.
Do not paste:
- passwords
- login codes
- API keys
- access tokens
- refresh tokens
- private keys
If you try to paste one of those into chat, the product should stop you and point you to the safer path.
Secure desktop
If you need to log into a website or type a password into a browser, use the secure desktop tab.
In the current production setup, the desktop opens directly from the provider so password entry stays on the remote computer instead of going through normal chat.
Secrets
If you need the agent to use a credential in a command, save it in Secrets first.
Secrets are:
- encrypted on the product side
- tied to the machine you saved them on
- available to the agent by label, not by raw value
The agent can use a saved secret in a command without seeing the raw secret value in chat.
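One way a label-based secret broker can work, shown as an added example that is not Agent's own code: the caller names a secret by label, the raw value is placed only in the child process's environment, and exact occurrences of the value are replaced before output is handed back. The store contents, the function names, the marker format, and the use of environment variables are all assumptions made for illustration.

```python
import os
import subprocess
import sys

# Constructed sample store (label -> raw value); a real store is encrypted at rest.
SECRETS = {"DEPLOY_TOKEN": "tok_constructed_0123456789abcdef"}


def redact(text, labels, store=SECRETS):
    """Replace exact occurrences of each raw value with a marker naming its label."""
    for label in labels:
        text = text.replace(store[label], f"[secret:{label}]")
    return text


def run_with_secrets(argv, labels, store=SECRETS):
    """Run argv with the labelled secrets injected as environment variables.

    The caller passes labels only; raw values reach the child process and are
    redacted from the captured output that is handed back.
    """
    missing = [label for label in labels if label not in store]
    if missing:
        raise KeyError(f"unknown secret label(s): {missing}")
    env = dict(os.environ)
    env.update({label: store[label] for label in labels})
    # argv is a list, so no shell parses it and the raw value never appears
    # in the command line itself.
    proc = subprocess.run(argv, env=env, capture_output=True, text=True, timeout=30)
    return (proc.returncode,
            redact(proc.stdout, labels, store),
            redact(proc.stderr, labels, store))


def demo():
    """The child reads the token from its environment and echoes it back."""
    child = "import os; t = os.environ['DEPLOY_TOKEN']; print(len(t), t)"
    return run_with_secrets([sys.executable, "-c", child], ["DEPLOY_TOKEN"])


if __name__ == "__main__":
    print(demo())
```

The redaction matches the exact value only and does not restrict what the command does with the secret, which is the limit stated under "What we do not promise".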
What we do not promise
We do not promise that raw secrets are safe if you put them in normal chat.
We do not promise that every command run with a secret will be harmless. If you tell the agent to use a secret in a command, that command can still do whatever it is told to do.
The safe pattern is to keep raw secrets out of chat and use the secure paths above.
If a secret is exposed
If you paste a secret into the wrong place, treat it as exposed.
Rotate it, replace it, or revoke it if the provider supports that.
Good habits
- Keep website logins in the secure desktop.
- Keep API keys and tokens in Secrets.
- Use short-lived credentials when you can.
- Rotate anything sensitive if you think it was exposed.