Skip to main content

Secure Credential Vault for Fully Autonomous Tasks

The Secure Credential Vault enables fully autonomous task execution by allowing automations to safely reuse account credentials when an agent is logged out or loses session state. Credentials attached to an automation act as a fallback authentication mechanism. If the agent is logged out, it automatically retrieves an encrypted token and re-authenticates without any human intervention.

How It Works

  • Credentials are attached to an automation or browser profile.
  • If the agent detects a logged-out state, it:
    1. Retrieves the encrypted credentials.
    2. Restores access by performing a fully autonomous login.
  • No manual actions or approvals are required during execution.
This ensures long-running or scheduled tasks remain stable even if sessions expire.

Two-Factor Authentication (TOTP Support)

The vault supports accounts protected by two-factor authentication using a Time-based One-Time Password (TOTP). To configure TOTP credentials:
  1. Generate a TOTP secret key (12-character authenticator key) in the original account’s security settings.
  2. Paste this key into the credentials setup page.
  3. Click Get code to generate a 6-digit one-time password.
  4. Enter the generated code in the target account to confirm and bind the authenticator.
Once configured, the agent can pass 2FA challenges autonomously during login.

Security Model

  • All credentials are protected with end-to-end encryption using:
    • AES-128-CBC for encryption
    • HMAC-SHA256 for integrity verification
  • Credentials are used only in encrypted form.
  • The LLM never has access to plaintext passwords or TOTP secrets.
  • Encrypted data is not exposed to third parties or logs.

Credential Visibility & Access Control

After credentials are created:
  • Passwords and TOTP secret keys are fully masked in the UI
  • Even during editing, sensitive fields remain blurred.
  • It is impossible to retrieve or view secrets again after initial setup.
This prevents accidental disclosure and ensures zero-knowledge handling of sensitive data.