> ## Documentation Index
> Fetch the complete documentation index at: https://skyvern.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Credentials Overview

> Securely store passwords, credit cards, and secrets in the Skyvern Cloud UI Credentials page, with encrypted-at-rest vault storage and just-in-time injection during browser automation.

The **Credentials** page stores sensitive values (passwords, payment cards, and secrets) so your agents can use them without embedding secrets in prompts or parameters. Skyvern stores credentials by default with no external service required.

<img src="https://mintcdn.com/skyvern/r7-Gpk9XzCfyJ6Ad/images/cloud/credentials-overview.png?fit=max&auto=format&n=r7-Gpk9XzCfyJ6Ad&q=85&s=83b04f60db7fc614788085a0905f3f1a" alt="Credentials page overview" width="3164" height="1922" data-path="images/cloud/credentials-overview.png" />

## How Skyvern keeps credentials secure

Sensitive credential data never reaches the LLM, logs, or API responses.

<Steps>
  <Step title="Encrypted at rest">
    When you save a credential, the sensitive data (passwords, card numbers, CVVs, and TOTP secrets) is sent to a secure vault that provides encryption at rest. Skyvern supports multiple vault backends: Bitwarden, 1Password, Azure Key Vault, and custom webhook providers. Skyvern's own database stores only non-sensitive metadata: credential name, username, card last four digits, card brand, TOTP method, and similar identifiers. Passwords, full card numbers, CVVs, and TOTP secrets are stored exclusively in the vault.
  </Step>

  <Step title="Placeholders during execution">
    When an agent runs, the LLM receives only placeholder IDs like `placeholder_Xk9m_password`. The AI decides *where* to type on the page, but never sees the real values. No third party, including the LLM provider, ever accesses your actual credentials.
  </Step>

  <Step title="Just-in-time injection">
    At the browser level, the automation layer resolves placeholders to real values and types them directly into the page. After execution, credential values that appear in HTTP Request block responses, block context snapshots, and conditional evaluation outputs are automatically masked before storage.
  </Step>
</Steps>

***

## Quick start

<Steps>
  <Step title="Navigate to the Credentials page">
    Click **Credentials** in the left sidebar under **General**.

    <img src="https://mintcdn.com/skyvern/l7i0w7SOoh_Xbpng/images/cloud/credentials-sidebar-nav.png?fit=max&auto=format&n=l7i0w7SOoh_Xbpng&q=85&s=e87ba844b3d5f943a4ac91df3c675aee" alt="Credentials option in the left sidebar under General" width="768" height="550" data-path="images/cloud/credentials-sidebar-nav.png" />
  </Step>

  <Step title="Click + Add">
    Choose the credential type: **Password**, **Credit Card**, or **Secret**.

    <img src="https://mintcdn.com/skyvern/l7i0w7SOoh_Xbpng/images/cloud/credentials-add-dropdown.png?fit=max&auto=format&n=l7i0w7SOoh_Xbpng&q=85&s=27bd262f7720e9d6a4e4216444fabb00" alt="Add dropdown showing Password, Credit Card, and Secret options" width="854" height="530" data-path="images/cloud/credentials-add-dropdown.png" />
  </Step>

  <Step title="Fill in the details and save">
    Enter the required fields and click **Save**. The credential is immediately available for use in agents.
  </Step>
</Steps>

***

## What you can store

<CardGroup cols={3}>
  <Card title="Password Credentials" icon="key" href="/cloud/managing-credentials/password-credentials">
    Username, password, and optional 2FA configuration for automated logins
  </Card>

  <Card title="Credit Card Credentials" icon="credit-card" href="/cloud/managing-credentials/credit-card-credentials">
    Payment card details for purchase and checkout agents
  </Card>

  <Card title="Secret Credentials" icon="file-shield" href="#secret-credentials">
    A single sensitive string such as an API key, bearer token, or any value you don't want hardcoded
  </Card>
</CardGroup>

Password and Credit Card credentials have their own pages. Secrets are simpler and documented here.

### Secret credentials

Secrets store a single sensitive value (an API key, bearer token, or similar). Create one from **+ Add → Secret**, give it a name and value, then reference it in HTTP Request, Code, or Workflow Trigger blocks using the credential parameter's key:

```
{{ parameter_key.secret_value }}
```

Replace `parameter_key` with the **key** assigned to the credential parameter in the agent editor (e.g., `credentials`, `credentials_1`).

***

## Using credentials in agents

The most common pattern is a **Login block**. A Login block is an agent step that signs into a website using stored credentials. Select a credential from the dropdown, and Skyvern fills in the username, password, and 2FA code (if configured) automatically. See [Block Reference](/cloud/building-agents/configure-blocks) for details.

For agents that need different credentials at runtime, add a **Credential parameter** (type: `credential_id`). When someone runs the agent, they pick which credential to use from a dropdown. See [Agent Parameters](/cloud/building-agents/add-parameters) for setup.

***

## Deleting credentials

Click the **trash icon** on any credential row. Deletion is permanent and cannot be undone. If an agent references a deleted credential, the run will fail during initialization until you assign a replacement.

<CardGroup cols={2}>
  <Card title="Password Credentials" icon="key" href="/cloud/managing-credentials/password-credentials">
    Store logins with optional 2FA
  </Card>

  <Card title="Credit Card Credentials" icon="credit-card" href="/cloud/managing-credentials/credit-card-credentials">
    Store payment details for checkout agents
  </Card>

  <Card title="2FA / TOTP Setup" icon="shield-halved" href="/cloud/managing-credentials/totp-setup">
    Configure and manage two-factor authentication
  </Card>

  <Card title="External Providers" icon="vault" href="/cloud/managing-credentials/external-providers">
    Connect Bitwarden, 1Password, Azure Key Vault, or a custom API
  </Card>
</CardGroup>
