> ## Documentation Index
> Fetch the complete documentation index at: https://sourcetable.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Credential management

> Securely store and manage API keys, database passwords, and service credentials.

Credential management lets you securely store authentication details for APIs, databases, and services. Once stored, the AI can use these credentials to connect to your services without exposing sensitive information.

## Adding credentials

<Steps>
  <Step title="Open credential manager">
    In the AI chat, ask "add credentials" or navigate to the Superagents panel and click **Credentials**.
  </Step>

  <Step title="Select authentication type">
    Choose the type that matches your service.
  </Step>

  <Step title="Enter details">
    Provide the required fields for your authentication type.
  </Step>

  <Step title="Save">
    Credentials are encrypted and stored securely. The AI can now use them for connections.
  </Step>
</Steps>

## Supported authentication types

| Type                  | Fields                                         | Common services                       |
| --------------------- | ---------------------------------------------- | ------------------------------------- |
| **API Key**           | Key name, key value, header name               | Stripe, OpenAI, SendGrid              |
| **Bearer Token**      | Token value                                    | REST APIs, MCP servers                |
| **OAuth 2.0**         | Client ID, client secret, redirect URI, scopes | Google services, Facebook, Salesforce |
| **Basic Auth**        | Username, password                             | Legacy APIs, SMTP                     |
| **Database**          | Host, port, database, username, password       | PostgreSQL, MySQL, MongoDB            |
| **Connection String** | Full connection URI                            | Any database or service               |

## Encryption modes

Sourcetable offers two encryption modes for stored credentials:

### Standard symmetric encryption

Credentials are encrypted using AES-256 symmetric encryption. Sourcetable manages the encryption keys. This is the default mode and works for most use cases.

### PGP encryption

For maximum security, you can encrypt credentials with your own PGP public key. With this mode:

* Only your PGP private key can decrypt the credentials
* Sourcetable cannot read your stored credentials
* You must provide your PGP public key when setting up the credential
* If you lose your PGP private key, the credentials cannot be recovered

<Warning>
  PGP encryption means Sourcetable cannot help recover your credentials if you lose your private key. Make sure to back up your PGP keys.
</Warning>

## Managing credentials

### Listing credentials

```
"List all my saved credentials"
```

Shows all stored credentials with their names, types, and creation dates. Sensitive values are never displayed.

### Deleting credentials

```
"Delete the Stripe API key credential"
```

Permanently removes the credential. Any connections using it will stop working.

### Updating credentials

Delete the old credential and add a new one with the updated values.

## Security best practices

* Use **PGP encryption** for production database credentials
* Rotate API keys periodically
* Use read-only database credentials when write access isn't needed
* Create separate credentials for development and production environments
* Delete credentials you no longer use
