Location
Encryption
Credentials are encrypted using:
- Algorithm: AES-256-GCM
- Key derivation: PBKDF2 with machine-specific seed
- Security model: Same protection level as OS keychains, without interactive prompts
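The behaviour behind the backup, migration and "Cannot decrypt credentials" notes on this page, as an added example (not the application's own code): a key derived with PBKDF2 from a machine-specific seed opens an AES-256-GCM record only on the machine that sealed it. The seed strings, salt handling, iteration count, hash and record layout are assumptions, since the page does not specify them.

```javascript
// Added illustration; not the application's code. Salt, iteration count, hash,
// seed composition and record layout are assumptions made for this sketch.
const crypto = require('node:crypto');

const PBKDF2_ITERATIONS = 100000; // assumed; the page does not state a count

// Derive a 256-bit AES key from a machine-specific seed (hypothetical seed string).
function deriveKey(machineSeed, salt) {
  return crypto.pbkdf2Sync(machineSeed, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// Encrypt one credential value; returns salt, IV, tag and ciphertext as base64.
function sealCredential(machineSeed, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit nonce, fresh for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(machineSeed, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const rec = { salt, iv, tag: cipher.getAuthTag(), ct };
  return Object.fromEntries(Object.entries(rec).map(([k, v]) => [k, v.toString('base64')]));
}

// Decrypt; returns null when the GCM tag does not verify (other machine or tampering).
function openCredential(machineSeed, record) {
  const b = (k) => Buffer.from(record[k], 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(machineSeed, b('salt')), b('iv'));
  decipher.setAuthTag(b('tag'));
  try {
    return Buffer.concat([decipher.update(b('ct')), decipher.final()]).toString('utf8');
  } catch {
    return null; // authentication failed: no unauthenticated plaintext is returned
  }
}

// Flip one bit of a base64 field to simulate on-disk corruption or tampering.
function flipFirstBit(b64) {
  const buf = Buffer.from(b64, 'base64');
  buf[0] ^= 1;
  return buf.toString('base64');
}

// Constructed sample values, not real machine identifiers or keys.
const SEED_A = 'machine-a:constructed-hardware-id';
const SEED_B = 'machine-b:constructed-hardware-id';
const sealed = sealCredential(SEED_A, 'sk-constructed-example');
const tampered = { ...sealed, ct: flipFirstBit(sealed.ct) };
console.log('same machine :', openCredential(SEED_A, sealed));
console.log('other machine:', openCredential(SEED_B, sealed));
console.log('tampered file:', openCredential(SEED_A, tampered));
```

Because GCM is authenticated, a file restored on another machine and a file that was modified on disk fail the same way, which is why the remedy in both cases is to delete the file and re-enter the credentials.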
Key Format
Credentials are stored with keys using different formats depending on scope:
Global credentials (2-part key):
type identifies the credential type, workspaceId is the workspace UUID, and sourceId is the source identifier.
Credential Types
| Type | Description | Scope |
|---|---|---|
| anthropic_api_key | API key for the AI provider (Anthropic, OpenRouter, Vercel, or custom) | Global |
| claude_oauth | Claude OAuth token (Pro/Max subscription) | Global |
| llm_api_key | API key for an LLM connection | Per connection |
| llm_oauth | OAuth token for an LLM connection | Per connection |
| llm_iam | AWS IAM credentials for Bedrock | Per connection |
| llm_service_account | GCP service account JSON for Vertex | Per connection |
| source_oauth | Source OAuth token | Per source |
| source_bearer | Source bearer token | Per source |
| source_apikey | Source API key | Per source |
| source_basic | Source basic auth | Per source |

anthropic_api_key and claude_oauth are legacy global credentials. New installations store credentials per LLM connection.
Examples
Credential Scoping
Credentials are scoped at two levels:
- LLM connection credentials are tied to a specific connection slug
- Source credentials are specific to a source within a workspace, using the 3-part key format
Legacy global credentials are migrated automatically into LLM connection credentials:
- anthropic_api_key::global → llm_api_key::anthropic-api
- claude_oauth::global → llm_oauth::claude-max
Viewing Stored Credentials
You can see what credentials are stored (but not their values):
Managing Credentials
Adding Credentials
Credentials are added automatically when you:
- Complete the setup wizard (API key or OAuth)
- Connect to a source requiring authentication
- Authenticate with an MCP server
Removing Credentials
To clear all credentials, delete the credentials file:
Security Considerations
File permissions
The credentials file is created with restricted permissions (readable only by your user). Verify with:
Backup considerations
If you back up your home directory, the credentials file is included in the backup, but it remains encrypted. It cannot be decrypted on a different machine.
Machine migration
When moving to a new machine, you’ll need to re-enter credentials. The encrypted file from your old machine won’t work.
Shared accounts
Environment Variable Override
For automation or CI environments, you can provide credentials via environment variables:

| Variable | Purpose |
|---|---|
| ANTHROPIC_API_KEY | Anthropic API key |
| CRAFT_ANTHROPIC_API_KEY | Anthropic API key (takes precedence over ANTHROPIC_API_KEY) |
| CRAFT_CLAUDE_OAUTH_TOKEN | Claude OAuth token (for Claude Max subscriptions) |
Troubleshooting
Credential not found errors
The credential may have been removed or corrupted. Re-enter it:
- For API keys: Open Settings and re-enter your key
- For OAuth: Re-authenticate when prompted
Cannot decrypt credentials
This usually means the file was copied from another machine. Delete the credentials file and re-enter credentials:
File permission errors
Fix permissions: