- Managed — run it through OpenComputer, billed to your credits, with no key to manage. The default for new orgs, and selectable per agent. Nothing to store, rotate, or protect.
- Bring your own key (BYO) — your own provider key (Anthropic for the
clauderuntime, OpenAI forcodex), stored once as a credential and reused across agents. It’s treated as a hard secret end to end: encrypted at rest, never returned by the API, and never present inside a sandbox.
422 no_credential) when it resolves to neither Managed nor a usable key. The rest of this page is about BYO credentials; for Managed, just select it per agent (below).
Managed vs BYO
| Managed | BYO credential | |
|---|---|---|
| Key | none — run via OpenComputer | your Anthropic / OpenAI key |
| Billing | your OpenComputer credits | your provider invoice |
| Setup | select it per agent (credential: "managed") | add a credential (below) |
| Models | same provider/model ids, per runtime | same |
credential: "managed" runs Managed; a cred_… id (or an inline key) runs BYO; omit it to inherit the org default. New orgs default to Managed, so you can start with no key at all and switch to BYO whenever you want. The rest of this page covers BYO.
How your keys are protected
Two independent layers — at rest and in use:- At rest: a dedicated secrets vault. Your key is stored in Infisical, a battle-tested, purpose-built secrets platform — encrypted at rest and isolated from OpenComputer’s own database. It’s write-only: once submitted it’s never returned by the API (reads expose only a
last4display hint). - In use: never handed to the agent. The real key never enters the sandbox. The runtime runs with an opaque placeholder, and OpenComputer’s secret-store egress proxy swaps in the real value in flight — only on the outbound HTTPS call to the model provider (
api.anthropic.com/api.openai.com), enforced by an egress allowlist, and nowhere else.
Add a credential
Setprovider to anthropic or openai. name is an optional label; is_default makes it your org default for that provider (see resolution). The response is the credential’s metadata only — the key is never echoed back.
TypeScript SDK
List, default, and remove
{ id, provider, name?, last4, is_default, created_at }. last4 is the last four characters, for display — the key itself is never returned.
Resolution
When a session is created, its model source is resolved (and pinned for the session’s life) in this order:- The agent’s
credential: "managed"→ run Managed, billed to your credits. - The agent’s BYO credential, if it has one and it matches the runtime’s provider.
- Your org default BYO credential for that provider.
- Managed, if your org has no BYO default — so a new org runs Managed out of the box.
422 no_credential (no Managed and no usable key), or 422 managed_unavailable (Managed selected/defaulted but not yet active for your org).
Rotation
Rotating the key value behind a credential flows to running sessions too — the one exception to a session’s otherwise pinned config, so a compromised key can be swapped without restarting work. Rotate the credential:key to oc.agents.update still works as a shortcut — it rotates the agent’s attached credential.
Changing which credential an agent uses (a different credential id) affects only future sessions — existing sessions keep the one they pinned.
Shortcut: add a key inline
For the true no-key path, use Managed (credential: "managed") — nothing to store. If you’re going BYO, you rarely call the credentials API directly: the common path is to pass the key inline when you create an agent — it’s stored as a credential (with all of the protections above) and attached to the agent in one call. The provider is inferred from the agent’s model (anthropic/… → Anthropic, openai/… → OpenAI).