Credentials
Manage credentials for LLM providers, media providers, data warehouses, and external tools securely.
Credentials
Credentials store the API keys, connection strings, and secrets needed to connect to LLM providers, databases, and external services. All credential values are encrypted at rest and are never exposed in API responses.
Credential Categories
Credentials are organized into six categories:
LLM Credentials
Connect to LLM providers for prompt execution and agent orchestration.
| Provider | Type Identifier | Description |
|---|---|---|
| OpenAI | openai | GPT-4, GPT-4o, GPT-3.5, etc. |
| Anthropic | anthropic | Claude 3.5, Claude 3, etc. |
| Google Gemini | gemini | Gemini Pro, Gemini Ultra, etc. |
| DeepSeek | deepseek | DeepSeek chat and code models |
| Fireworks | fireworks | Fireworks AI hosted models |
| xAI | xai | Grok models |
| OpenRouter | openrouter | Multi-provider routing |
| Together AI | together_ai | Together AI hosted models |
| Mistral | mistral | Mistral AI models |
| Cohere | cohere | Cohere command and embed models |
| Groq | groq | Groq high-speed inference |
| Perplexity | perplexity | Search-augmented Sonar models |
Speech Credentials
Connect to speech providers for text-to-speech and speech-to-text.
| Provider | Type Identifier | Description |
|---|---|---|
| ElevenLabs | elevenlabs | High-quality TTS voices |
| Deepgram | deepgram | TTS and STT with Nova models |
| OpenAI Audio | openai_audio | OpenAI TTS (tts-1) and Whisper STT |
Image Credentials
Connect to image generation and editing providers.
| Provider | Type Identifier | Description |
|---|---|---|
| Fal | fal | Fast image generation (FLUX, SD) |
| Replicate | replicate | Run open-source models |
| Stability AI | stability | Stable Diffusion models |
| OpenAI Image | openai_image | DALL-E 3 and DALL-E 2 |
Video Credentials
Connect to video generation providers.
| Provider | Type Identifier | Description |
|---|---|---|
| Runway | runway | Gen-3 Alpha video generation |
| Pika | pika | AI video generation |
| Luma | luma | Dream Machine video generation |
Data Warehouse Credentials
Connect to databases for data source queries.
| Database | Type Identifier | Description |
|---|---|---|
| PostgreSQL | postgresql | PostgreSQL connection string |
| MySQL | mysql | MySQL connection string |
| BigQuery | bigquery | Google BigQuery service account |
| Snowflake | snowflake | Snowflake account credentials |
| Redshift | redshift | Amazon Redshift connection |
| MSSQL | mssql | Microsoft SQL Server |
| ClickHouse | clickhouse | ClickHouse connection |
| Static File | static_file | File-based data access |
Tool Credentials
Credentials for external APIs and services used by MCP tools.
| Type | Description |
|---|---|
api_key | Generic API key authentication |
oauth | OAuth token-based authentication |
database | Generic database connection (with schema_type required) |
smtp | SMTP server credentials |
Creating Credentials
Python SDK
# LLM credential
credential = client.credentials.create(
name="OpenAI Production",
category="llm",
type="openai",
value="sk-proj-your-openai-api-key",
description="Production OpenAI API key"
)
# Data warehouse credential
db_credential = client.credentials.create(
name="Analytics Database",
category="data_warehouse",
type="postgresql",
value="postgresql://user:password@host:5432/analytics",
description="Read-only analytics database"
)
# Speech credential
speech_credential = client.credentials.create(
name="ElevenLabs Production",
category="speech",
type="elevenlabs",
value="your-elevenlabs-api-key",
description="ElevenLabs TTS API key"
)
# Tool credential
tool_credential = client.credentials.create(
name="Slack Bot Token",
category="tools",
type="api_key",
value="xoxb-your-slack-bot-token",
description="Slack bot for notifications"
)JavaScript SDK
const credential = await client.credentials.create({
name: 'OpenAI Production',
category: 'llm',
type: 'openai',
value: 'sk-proj-your-openai-api-key',
description: 'Production OpenAI API key',
})Default Credentials
You can mark one credential per type as the default. Default credentials are automatically used when no specific credential is specified:
client.credentials.set_default(credential_id="your-credential-id")When an agent or prompt references a model from a provider (e.g., OpenAI), PromptRails uses the default credential for that provider type unless overridden.
Connection Validation
Validate that a credential can successfully connect to its target service:
result = client.credentials.validate(credential_id="your-credential-id")
print(f"Valid: {result['data']['is_valid']}")Validation checks vary by credential type:
- LLM credentials: Makes a lightweight API call to verify the key
- Database credentials: Attempts a connection and basic query
- Tool credentials: Depends on the tool configuration
Schema Discovery
For data warehouse credentials, PromptRails can discover the database schema (tables, columns, types):
# Trigger schema discovery
client.credentials.discover_schema(credential_id="your-credential-id")
# Get the discovered schema
credential = client.credentials.get(credential_id="your-credential-id")
if credential["data"]["has_schema"]:
print(f"Schema updated: {credential['data']['schema_updated_at']}")The discovered schema includes:
- Table names
- Column names and data types
- Nullability
- Default values
- Descriptions (where available)
This schema information helps agents understand the database structure when constructing queries.
Credential Response
API responses include a safe representation of credentials (never the raw value):
| Field | Description |
|---|---|
id | Unique credential identifier |
name | Display name |
type | Provider or database type |
category | llm, speech, image, video, data_warehouse, or tools |
description | Optional description |
masked_content | Masked credential value (e.g., sk-pr...abcd) |
is_default | Whether this is the default for its type |
is_valid | Whether the last validation check passed |
has_schema | Whether schema information is available |
schema_updated_at | When the schema was last discovered |
created_at | Creation timestamp |
updated_at | Last update timestamp |
Updating Credentials
When you update a credential, the new value is encrypted and stored. The previous value cannot be recovered.
client.credentials.update(
credential_id="your-credential-id",
value="new-api-key-value",
name="Updated Name"
)Deleting Credentials
Credentials are soft-deleted. Deleting a credential does not affect historical execution traces but will prevent future use.
client.credentials.delete(credential_id="your-credential-id")Related Topics
- Media Generation -- Using credentials for speech, image, and video
- Data Sources -- Using credentials for database queries
- MCP Tools -- Using credentials for tool authentication
- Security -- Encryption and security practices