Cloud

Vault

Upstream credentials, loaded once, injected server-side at call time. Nobody downstream sees them.

Personal access tokens replaced
11
Imported PAT ban baseline plus every principal–server pairing now running on broker-issued tokens.
Active credentials
7
Ciphertext at rest; decrypted only in the gateway process.

Upstream credentials

CredentialKindServerStatusLast usedAdded
github-pat-legacyAPI keygithubrevoked
slack-bot-tokenBot tokenslackactive
github-appGitHub Appgithubactive
google-workspace-saService accountgoogle-workspaceactive
notion-integrationIntegration tokennotionactiverotation due
stripe-restricted-keyAPI keystripeactive
rippling-api-keyAPI keyripplingactive
hubspot-private-appAPI keyhubspotactive

Broker-issued agent tokens

What agents actually hold: scoped to one server and group, 8-hour lifetime, hash-only at rest, revocable mid-session.

TokenPrincipalScopeStatusIssuedExpiresLast used
ghk_1RPGZamOgtm-outreachhubspot · gtmactive
ghk_hIdcpMMvsupport-copilotslack · supportactive
ghk_fnOTxs2Ocall-notetakernotion · opsexpired
ghk_h2NyVA60demo-schedulergoogle-workspace · opsexpired
ghk_c_eotIdCsupport-copilotstripe · supportrevoked