# Credentials

> Manage credentials for LLM providers, media providers, data warehouses, and external tools securely.

Source: https://0.0.0.0:8080/docs/credentials

Credentials store the API keys, connection strings, and secrets needed to connect to LLM providers, databases, and external services. All credential values are encrypted at rest and are never exposed in API responses.

## Credential Categories

Credentials are organized into six categories:

### LLM Credentials

Connect to LLM providers for prompt execution and agent orchestration.

| Provider      | Type Identifier | Description                     |
| ------------- | --------------- | ------------------------------- |
| OpenAI        | `openai`        | GPT-4, GPT-4o, GPT-3.5, etc.    |
| Anthropic     | `anthropic`     | Claude 3.5, Claude 3, etc.      |
| Google Gemini | `gemini`        | Gemini Pro, Gemini Ultra, etc.  |
| DeepSeek      | `deepseek`      | DeepSeek chat and code models   |
| Fireworks     | `fireworks`     | Fireworks AI hosted models      |
| xAI           | `xai`           | Grok models                     |
| OpenRouter    | `openrouter`    | Multi-provider routing          |
| Together AI   | `together_ai`   | Together AI hosted models       |
| Mistral       | `mistral`       | Mistral AI models               |
| Cohere        | `cohere`        | Cohere command and embed models |
| Groq          | `groq`          | Groq high-speed inference       |
| Perplexity    | `perplexity`    | Search-augmented Sonar models   |

### Speech Credentials

Connect to speech providers for text-to-speech and speech-to-text.

| Provider     | Type Identifier | Description                        |
| ------------ | --------------- | ---------------------------------- |
| ElevenLabs   | `elevenlabs`    | High-quality TTS voices            |
| Deepgram     | `deepgram`      | TTS and STT with Nova models       |
| OpenAI Audio | `openai_audio`  | OpenAI TTS (tts-1) and Whisper STT |

### Image Credentials

Connect to image generation and editing providers.

| Provider     | Type Identifier | Description                      |
| ------------ | --------------- | -------------------------------- |
| Fal          | `fal`           | Fast image generation (FLUX, SD) |
| Replicate    | `replicate`     | Run open-source models           |
| Stability AI | `stability`     | Stable Diffusion models          |
| OpenAI Image | `openai_image`  | DALL-E 3 and DALL-E 2            |

### Video Credentials

Connect to video generation providers.

| Provider | Type Identifier | Description                    |
| -------- | --------------- | ------------------------------ |
| Runway   | `runway`        | Gen-3 Alpha video generation   |
| Pika     | `pika`          | AI video generation            |
| Luma     | `luma`          | Dream Machine video generation |

### Data Warehouse Credentials

Connect to databases for data source queries.

| Database    | Type Identifier | Description                     |
| ----------- | --------------- | ------------------------------- |
| PostgreSQL  | `postgresql`    | PostgreSQL connection string    |
| MySQL       | `mysql`         | MySQL connection string         |
| BigQuery    | `bigquery`      | Google BigQuery service account |
| Snowflake   | `snowflake`     | Snowflake account credentials   |
| Redshift    | `redshift`      | Amazon Redshift connection      |
| MSSQL       | `mssql`         | Microsoft SQL Server            |
| ClickHouse  | `clickhouse`    | ClickHouse connection           |
| Static File | `static_file`   | File-based data access          |

### Tool Credentials

Credentials for external APIs and services used by MCP tools.

| Type       | Description                                             |
| ---------- | ------------------------------------------------------- |
| `api_key`  | Generic API key authentication                          |
| `oauth`    | OAuth token-based authentication                        |
| `database` | Generic database connection (with `schema_type` required) |
| `smtp`     | SMTP server credentials                                 |

## Creating Credentials

**Python SDK**

```python
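# Assumes `client` is an already-initialized PromptRails SDK client.
# The values below are placeholders; load real secrets from the environment
# or a secret manager rather than hardcoding them in source.

# LLM credential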
credential = client.credentials.create(
    name="OpenAI Production",
    category="llm",
    type="openai",
    value="sk-proj-your-openai-api-key",
    description="Production OpenAI API key"
)

# Data warehouse credential
db_credential = client.credentials.create(
    name="Analytics Database",
    category="data_warehouse",
    type="postgresql",
    value="postgresql://user:password@host:5432/analytics",
    description="Read-only analytics database"
)

# Speech credential
speech_credential = client.credentials.create(
    name="ElevenLabs Production",
    category="speech",
    type="elevenlabs",
    value="your-elevenlabs-api-key",
    description="ElevenLabs TTS API key"
)

# Tool credential
tool_credential = client.credentials.create(
    name="Slack Bot Token",
    category="tools",
    type="api_key",
    value="xoxb-your-slack-bot-token",
    description="Slack bot for notifications"
)
```

**JavaScript SDK**

```typescript
const credential = await client.credentials.create({
  name: 'OpenAI Production',
  category: 'llm',
  type: 'openai',
  value: 'sk-proj-your-openai-api-key',
  description: 'Production OpenAI API key',
})
```

## Default Credentials

You can mark one credential per type as the default. Default credentials are automatically used when no specific credential is specified:

```python
client.credentials.set_default(credential_id="your-credential-id")
```

When an agent or prompt references a model from a provider (e.g., OpenAI), PromptRails uses the default credential for that provider type unless overridden.

## Connection Validation

Validate that a credential can successfully connect to its target service:

```python
result = client.credentials.validate(credential_id="your-credential-id")
print(f"Valid: {result['data']['is_valid']}")
```

Validation checks vary by credential type:

- LLM credentials: Makes a lightweight API call to verify the key
- Database credentials: Attempts a connection and basic query
- Tool credentials: Depends on the tool configuration

## Schema Discovery

For data warehouse credentials, PromptRails can discover the database schema (tables, columns, types):

```python
# Trigger schema discovery
client.credentials.discover_schema(credential_id="your-credential-id")

# Get the discovered schema
credential = client.credentials.get(credential_id="your-credential-id")
if credential["data"]["has_schema"]:
    print(f"Schema updated: {credential['data']['schema_updated_at']}")
```

The discovered schema includes:

- Table names
- Column names and data types
- Nullability
- Default values
- Descriptions (where available)

This schema information helps agents understand the database structure when constructing queries.

## Credential Response

API responses include a safe representation of credentials (never the raw value):

| Field               | Description                                                     |
| ------------------- | --------------------------------------------------------------- |
| `id`                | Unique credential identifier                                    |
| `name`              | Display name                                                    |
| `type`              | Provider or database type                                       |
| `category`          | `llm`, `speech`, `image`, `video`, `data_warehouse`, or `tools` |
| `description`       | Optional description                                            |
| `masked_content`    | Masked credential value (e.g., `sk-pr...abcd`)                  |
| `is_default`        | Whether this is the default for its type                        |
| `is_valid`          | Whether the last validation check passed                        |
| `has_schema`        | Whether schema information is available                         |
| `schema_updated_at` | When the schema was last discovered                             |
| `created_at`        | Creation timestamp                                              |
| `updated_at`        | Last update timestamp                                           |
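
A regression check for the guarantee above, added here as an example rather than taken from the PromptRails SDK: it scans a credential response for fields outside the documented table and for any long fragment of the raw secret. The `max_run` threshold, the function names, and the sample key and response are constructed assumptions.

```python
SAFE_FIELDS = {  # field names from the "Credential Response" table
    "id", "name", "type", "category", "description", "masked_content",
    "is_default", "is_valid", "has_schema", "schema_updated_at",
    "created_at", "updated_at",
}

def _walk(node, path="$"):
    """Yield (path, string) for every string value nested in a JSON-like object."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}")
    elif isinstance(node, (list, tuple)):
        for i, item in enumerate(node):
            yield from _walk(item, f"{path}[{i}]")

def leak_findings(response, secret, max_run=8):
    """Return findings for one response; an empty list means nothing leaked.

    max_run is an assumed policy: the longest contiguous piece of the secret
    that any string may contain (a mask legitimately shows a few characters).
    Findings name the JSON path only, so the report never repeats the secret.
    """
    if not secret:
        raise ValueError("secret must be non-empty")
    findings = []
    for field in sorted(set(response.get("data", {})) - SAFE_FIELDS):
        findings.append(f"unexpected field: $.data.{field}")
    window = max_run + 1
    chunks = {secret[i:i + window] for i in range(max(1, len(secret) - window + 1))}
    for path, text in _walk(response):
        if any(chunk in text for chunk in chunks):
            findings.append(f"secret fragment at {path}")
    return findings

if __name__ == "__main__":
    secret = "sk-proj-CONSTRUCTED-0123456789abcd"  # constructed, not a real key
    response = {"data": {  # constructed response in the page's {"data": {...}} shape
        "id": "cred-example", "name": "OpenAI Production", "type": "openai",
        "category": "llm", "masked_content": "sk-pr...abcd",
        "is_default": True, "is_valid": True,
    }}
    print(leak_findings(response, secret))
    response["data"]["description"] = f"key is {secret}"
    print(leak_findings(response, secret))
```
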

## Updating Credentials

When you update a credential, the new value is encrypted and stored. The previous value cannot be recovered.

```python
client.credentials.update(
    credential_id="your-credential-id",
    value="new-api-key-value",
    name="Updated Name"
)
```

## Deleting Credentials

Credentials are soft-deleted. Deleting a credential does not affect historical execution traces but will prevent future use.

```python
client.credentials.delete(credential_id="your-credential-id")
```
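
Because an updated value replaces the old one with no recovery, and deletion blocks future use, one way to rotate a key is to create the replacement, validate it, promote it, and only then delete the old credential. This is an added example, not PromptRails code: it uses only the SDK calls shown on this page, assumes `create()` returns the same `{"data": {...}}` shape as `get()` with an `id` field, and `rotate_credential` and `new_name` are hypothetical names.

```python
def rotate_credential(client, old_id, new_value, new_name=None):
    """Create, validate, promote, then retire: returns the new credential id.

    `client` is an initialized SDK client, as in the snippets on this page.
    If validation fails, the replacement is deleted and the old credential
    is left untouched, so a bad key never displaces a working one.
    """
    old = client.credentials.get(credential_id=old_id)["data"]
    created = client.credentials.create(
        name=new_name or f"{old['name']} (rotated)",
        category=old["category"],
        type=old["type"],
        value=new_value,
        description=f"Replacement for credential {old_id}",
    )
    # Assumption: create() responds with {"data": {"id": ...}}, like get().
    new_id = created["data"]["id"]

    result = client.credentials.validate(credential_id=new_id)
    if not result["data"]["is_valid"]:
        client.credentials.delete(credential_id=new_id)
        raise RuntimeError("replacement failed validation; old credential kept")

    # Only take over the default slot if the old credential held it.
    if old.get("is_default"):
        client.credentials.set_default(credential_id=new_id)
    client.credentials.delete(credential_id=old_id)
    return new_id
```

Agents or prompts that reference the old credential by ID rather than relying on the default need to be repointed before the final delete.
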

## Related Topics

- [Media Generation](/docs/media-generation) -- Using credentials for speech, image, and video
- [Data Sources](/docs/data-sources) -- Using credentials for database queries
- [MCP Tools](/docs/mcp-tools) -- Using credentials for tool authentication
- [Security](/docs/security) -- Encryption and security practices
