AI agents need OAuth tokens for user accounts, but most frameworks store them in plaintext config files. Cred is open-source credential delegation middleware. The user consents once. Cred encrypts the refresh token (AES-256-GCM) and never returns it. Agents get short-lived tokens on demand. Every delegation produces a cryptographic audit receipt. We also ship CredX: a single-command encrypted credential store for agents who don't need the full SDK. Self-hosted. Apache 2.0. Zero cloud dependency.
There's no standard credential layer for AI agents, so I built one. Cred sits between the agent and a user's accounts. The user consents once. The agent gets short-lived tokens on demand. Refresh tokens stay encrypted in a vault and are never returned.
The whole thing is open-source and self-hosted. No cloud dependency, no vendor lock-in. The standalone packages (@credninja/oauth + @credninja/vault) give you full local control. And if even that's more than you need, CredX (github.com/cred-ninja/credx) is the minimal version: one command, encrypted vault, auto-refresh, done.
Happy to answer anything about the architecture, security model, or roadmap!
Hi PH, I'm Kieran, the builder behind Cred.
There's no standard credential layer for AI agents, so I built one. Cred sits between the agent and a user's accounts. The user consents once. The agent gets short-lived tokens on demand. Refresh tokens stay encrypted in a vault and are never returned.
The whole thing is open-source and self-hosted. No cloud dependency, no vendor lock-in. The standalone packages (@credninja/oauth + @credninja/vault) give you full local control. And if even that's more than you need, CredX (github.com/cred-ninja/credx) is the minimal version: one command, encrypted vault, auto-refresh, done.
Happy to answer anything about the architecture, security model, or roadmap!