Cred - OAuth credential delegation for AI agents
by•
AI agents need OAuth tokens for user accounts, but most frameworks store them in plaintext config files. Cred is open-source credential delegation middleware. The user consents once. Cred encrypts the refresh token (AES-256-GCM) and never returns it. Agents get short-lived tokens on demand. Every delegation produces a cryptographic audit receipt. We also ship CredX: a single-command encrypted credential store for agents who don't need the full SDK. Self-hosted. Apache 2.0. Zero cloud dependency.
Replies
Cred
Hi PH, I'm Kieran, the builder behind Cred.
There's no standard credential layer for AI agents, so I built one. Cred sits between the agent and a user's accounts. The user consents once. The agent gets short-lived tokens on demand. Refresh tokens stay encrypted in a vault and are never returned.
The whole thing is open-source and self-hosted. No cloud dependency, no vendor lock-in. The standalone packages (@credninja/oauth + @credninja/vault) give you full local control. And if even that's more than you need, CredX (github.com/cred-ninja/credx) is the minimal version: one command, encrypted vault, auto-refresh, done.
Happy to answer anything about the architecture, security model, or roadmap!
@credninja @itskieran Hi. OAuth for AI agents is it safe to give agents real credentials without freaking out?🫣
Cred
@credninja @julia_zakharova2 Yes, definitely safer than giving agents client secrets or API keys directly, but refresh tokens still need to be handled carefully. OAuth gives you a cleaner way to control access, and if a company has lots of agents running across employees, a few guardrails go a long way.