AgentPMT

Learn how AgentPMT securely manages API keys, OAuth tokens, and passwords your tools need to function.

How Credentials Work

Some tools need authentication to work -- an API key for a weather service, OAuth tokens for Google Workspace, or a password for a database. AgentPMT handles these securely through credentials.

The Flow#

A tool declares what it needs

Each tool specifies a credential schema: which fields are required (API key, token, username/password, etc.) and what format they should be in.

You provide the values

In your dashboard under the Credentials tab, you create a credential record and fill in the required fields. Secret values are masked after saving.

You bind it to a budget

Go to your budget's settings and bind the credential to the relevant tool. This tells AgentPMT: "When this agent calls this tool using this budget, use these credentials."

Agent calls the tool

When your agent makes a tool call, AgentPMT automatically injects the bound credentials. The agent never sees your raw secrets.

Security#

Your secrets stay safe

Credential values are encrypted at rest. Your agent never receives raw credential values -- they are injected server-side when the tool call is routed to the vendor's endpoint.

  • Secret fields are masked in the dashboard after saving
  • Credentials are encrypted in the database
  • Credentials are injected server-side -- they never pass through your agent
  • Each credential is scoped to a budget -- different budgets can use different credentials for the same tool

When You Don't Need Credentials#

Many tools on AgentPMT work without any credentials. If a tool is fully hosted by the vendor and doesn't require external authentication, you just add it to your budget and go.

You only need to set up credentials when a tool connects to a third-party service that requires your own account (e.g., your Google account, your Stripe account, your custom API).

Managing Credentials#

From your dashboard:

  • Credentials tab -- Create, edit, and delete credential records
  • Budget settings -- Bind credentials to specific budgets
  • Missing credential warnings -- If your agent tries to call a tool that needs credentials you haven't provided, you'll see a warning in the chat interface with a link to set them up

Set Up Your First Budget

Learn how to create a budget and bind credentials

What is a Tool

Understand what tools are and how they use credentials