---
title: Credentials Overview
subtitle: Securely store login details, payment info, and secrets for your automations
slug: cloud/managing-credentials/credentials-overview
---

The **Credentials** page stores sensitive values (passwords, payment cards, and secrets) so your workflows can use them without embedding secrets in prompts or parameters. Skyvern stores credentials by default with no external service required.

<img src="/images/cloud/credentials-overview.png" alt="Credentials page overview" />

## How Skyvern keeps credentials secure

Sensitive credential data never reaches the LLM, logs, or API responses.

<Steps>
  <Step title="Encrypted at rest">
    When you save a credential, the sensitive data (passwords, card numbers, CVVs, and TOTP secrets) is sent to a secure vault that provides encryption at rest. Skyvern supports multiple vault backends: Bitwarden, 1Password, Azure Key Vault, and custom webhook providers. Skyvern's own database stores only non-sensitive metadata: credential name, username, card last four digits, card brand, TOTP method, and similar identifiers. Passwords, full card numbers, CVVs, and TOTP secrets are stored exclusively in the vault.
  </Step>
  <Step title="Placeholders during execution">
    When a workflow runs, the LLM receives only placeholder IDs like `placeholder_Xk9m_password`. The AI decides *where* to type on the page, but never sees the real values. No third party, including the LLM provider, ever accesses your actual credentials.
  </Step>
  <Step title="Just-in-time injection">
    At the browser level, the automation layer resolves placeholders to real values and types them directly into the page. After execution, credential values that appear in HTTP Request block responses, block context snapshots, and conditional evaluation outputs are automatically masked before storage.
  </Step>
</Steps>

---

## Quick start

<Steps>
  <Step title="Navigate to the Credentials page">
    Click **Credentials** in the left sidebar under **General**.
    <img src="/images/cloud/credentials-sidebar-nav.png" alt="Credentials option in the left sidebar under General" />
  </Step>
  <Step title="Click + Add">
    Choose the credential type: **Password**, **Credit Card**, or **Secret**.
    <img src="/images/cloud/credentials-add-dropdown.png" alt="Add dropdown showing Password, Credit Card, and Secret options" />
  </Step>
  <Step title="Fill in the details and save">
    Enter the required fields and click **Save**. The credential is immediately available for use in workflows.
  </Step>
</Steps>

---

## What you can store

<CardGroup cols={3}>
  <Card
    title="Password Credentials"
    icon="key"
    href="/cloud/managing-credentials/password-credentials"
  >
    Username, password, and optional 2FA configuration for automated logins
  </Card>
  <Card
    title="Credit Card Credentials"
    icon="credit-card"
    href="/cloud/managing-credentials/credit-card-credentials"
  >
    Payment card details for purchase and checkout workflows
  </Card>
  <Card
    title="Secret Credentials"
    icon="file-shield"
    href="#secret-credentials"
  >
    A single sensitive string such as an API key, bearer token, or any value you don't want hardcoded
  </Card>
</CardGroup>

Password and Credit Card credentials have their own pages. Secrets are simpler and documented here.

### Secret credentials

Secrets store a single sensitive value (an API key, bearer token, or similar). Create one from **+ Add → Secret**, give it a name and value, then reference it in HTTP Request, Code, or Workflow Trigger blocks using the credential parameter's key:

```
{{ parameter_key.secret_value }}
```

Replace `parameter_key` with the **key** assigned to the credential parameter in the workflow editor (e.g., `credentials`, `credentials_1`).

---

## Using credentials in workflows

The most common pattern is a **Login block**. A Login block is a workflow step that signs into a website using stored credentials. Select a credential from the dropdown, and Skyvern fills in the username, password, and 2FA code (if configured) automatically. See [Block Reference](/cloud/building-workflows/configure-blocks) for details.

For workflows that need different credentials at runtime, add a **Credential parameter** (type: `credential_id`). When someone runs the workflow, they pick which credential to use from a dropdown. See [Workflow Parameters](/cloud/building-workflows/add-parameters) for setup.

---

## Deleting credentials

Click the **trash icon** on any credential row. Deletion is permanent and cannot be undone. If a workflow references a deleted credential, the run will fail during initialization until you assign a replacement.

<CardGroup cols={2}>
  <Card
    title="Password Credentials"
    icon="key"
    href="/cloud/managing-credentials/password-credentials"
  >
    Store logins with optional 2FA
  </Card>
  <Card
    title="Credit Card Credentials"
    icon="credit-card"
    href="/cloud/managing-credentials/credit-card-credentials"
  >
    Store payment details for checkout workflows
  </Card>
  <Card
    title="2FA / TOTP Setup"
    icon="shield-halved"
    href="/cloud/managing-credentials/totp-setup"
  >
    Configure and manage two-factor authentication
  </Card>
  <Card
    title="External Providers"
    icon="vault"
    href="/cloud/managing-credentials/external-providers"
  >
    Connect Bitwarden, 1Password, Azure Key Vault, or a custom API
  </Card>
</CardGroup>