Skip to main content
A session runs a model one of two ways:
  • Managed — run it through OpenComputer, billed to your credits, with no key to manage. The default for new orgs, and selectable per agent. Nothing to store, rotate, or protect.
  • Bring your own key (BYO) — your own provider key (Anthropic for the claude runtime, OpenAI for codex), stored once as a credential and reused across agents. It’s treated as a hard secret end to end: encrypted at rest, never returned by the API, and never present inside a sandbox.
You don’t strictly need a credential: an agent set to Managed needs no key. A session only fails to start (422 no_credential) when it resolves to neither Managed nor a usable key. The rest of this page is about BYO credentials; for Managed, just select it per agent (below).

Managed vs BYO

ManagedBYO credential
Keynone — run via OpenComputeryour Anthropic / OpenAI key
Billingyour OpenComputer creditsyour provider invoice
Setupselect it per agent (credential: "managed")add a credential (below)
Modelssame provider/model ids, per runtimesame
Pick per agent: credential: "managed" runs Managed; a cred_… id (or an inline key) runs BYO; omit it to inherit the org default. New orgs default to Managed, so you can start with no key at all and switch to BYO whenever you want. The rest of this page covers BYO.

How your keys are protected

Two independent layers — at rest and in use:
  • At rest: a dedicated secrets vault. Your key is stored in Infisical, a battle-tested, purpose-built secrets platform — encrypted at rest and isolated from OpenComputer’s own database. It’s write-only: once submitted it’s never returned by the API (reads expose only a last4 display hint).
  • In use: never handed to the agent. The real key never enters the sandbox. The runtime runs with an opaque placeholder, and OpenComputer’s secret-store egress proxy swaps in the real value in flight — only on the outbound HTTPS call to the model provider (api.anthropic.com / api.openai.com), enforced by an egress allowlist, and nowhere else.
Rotating a key’s value reaches running sessions too, so a compromised key retires without restarting work (rotation).
Keep your org API key (which manages credentials) on your backend, and hand browsers only session-scoped client tokens — never a model key or the org key.

Add a credential

Skip this entirely with Managed — set an agent’s credential to "managed" (or rely on the org default) to run via OpenComputer billed to your credits, no key required. See Managed vs BYO below.
Set provider to anthropic or openai. name is an optional label; is_default makes it your org default for that provider (see resolution). The response is the credential’s metadata only — the key is never echoed back.
const cred = await oc.credentials.create({
  provider: "anthropic",
  key: "sk-ant-...",
  name: "prod",
  isDefault: true,
});
// → { id: "cred_…", provider: "anthropic", name: "prod", last4: "AB12", isDefault: true, createdAt: "…" }
Attach it to an agent by id, so the agent runs on it:
TypeScript SDK
await oc.agents.create({ name: "reviewer", runtime: "claude", model: "anthropic/claude-opus-4-8", prompt: "…", credential: cred.id });
// …or run Managed (billed to credits, no key):
await oc.agents.create({ name: "reviewer", runtime: "claude", model: "anthropic/claude-opus-4-8", prompt: "…", credential: "managed" });
Prefer not to touch the API? Add and manage credentials from the dashboard under Agents → Credentials — and pick one (or add a new one inline) right in the create-agent dialog.

List, default, and remove

const creds = await oc.credentials.list();           // metadata only (last4, never the key)
await oc.credentials.setDefault({ credential: "cred_..." });
await oc.credentials.delete("cred_...");
The credential object: { id, provider, name?, last4, is_default, created_at }. last4 is the last four characters, for display — the key itself is never returned.
Deleting a credential breaks agents pinned to it and sessions that fall back to it, until you point them at another credential, at Managed (credential: "managed"), or set a new default. If your org has no other default, they fall back to Managed automatically.

Resolution

When a session is created, its model source is resolved (and pinned for the session’s life) in this order:
  1. The agent’s credential: "managed" → run Managed, billed to your credits.
  2. The agent’s BYO credential, if it has one and it matches the runtime’s provider.
  3. Your org default BYO credential for that provider.
  4. Managed, if your org has no BYO default — so a new org runs Managed out of the box.
Only if none resolves does the session fail to start: 422 no_credential (no Managed and no usable key), or 422 managed_unavailable (Managed selected/defaulted but not yet active for your org).

Rotation

Rotating the key value behind a credential flows to running sessions too — the one exception to a session’s otherwise pinned config, so a compromised key can be swapped without restarting work. Rotate the credential:
await oc.credentials.rotate("cred_...", "sk-ant-NEW...");
Passing a new key to oc.agents.update still works as a shortcut — it rotates the agent’s attached credential. Changing which credential an agent uses (a different credential id) affects only future sessions — existing sessions keep the one they pinned.

Shortcut: add a key inline

For the true no-key path, use Managed (credential: "managed") — nothing to store. If you’re going BYO, you rarely call the credentials API directly: the common path is to pass the key inline when you create an agent — it’s stored as a credential (with all of the protections above) and attached to the agent in one call. The provider is inferred from the agent’s model (anthropic/… → Anthropic, openai/… → OpenAI).
await oc.agents.create({
  name: "reviewer",
  runtime: "claude",
  model: "anthropic/claude-opus-4-8",
  prompt: "Review the repo. Run tests. Summarize risks.",
  key: "sk-ant-...",
});
Reach for the standalone resource above when you want to reuse one key across agents, set an org default, or rotate / remove keys.