Saved credentials

Store API keys, OAuth tokens, and webhook secrets once — reuse them across any automation node without re-entering them.

The credentials vault lets you store API keys, OAuth tokens, and webhook secrets at the workspace level. Once saved, any automation node that requires a key can reference it by name — you never need to paste the same token into dozens of nodes.

---

Managing credentials

Go to Settings → Credentials (or /workspace/credentials):

  • Add — enter a name, type, and value (the raw key or token)
  • Edit — update the name or rotate the value
  • Delete — permanently removes the credential; automations that reference it will fail until updated

Credential values are encrypted at rest and never returned in full after saving — you only see the last 4 characters to confirm which key is saved.

---

Credential types

| Type | Used by |
|---|---|
| API key | Any node that calls an external service (Slack, Twilio, OpenAI, etc.) |
| OAuth token | GoHighLevel, HubSpot, Pipedrive, Google Sheets — generated via the OAuth connect flow |
| Webhook secret | Outbound webhook nodes — sent as HMAC-signed headers |
| SMTP password | Mailbox connection (alternative to the mailbox connect wizard) |
| Bearer token | Generic HTTP header for custom integrations |
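
On the receiving side, an HMAC-signed webhook is only useful if the endpoint recomputes the signature with the same webhook secret and rejects mismatches. The following is an added example, not code from this product: the header names, the hex-encoded HMAC-SHA256 over `<timestamp>.<raw body>`, and the 5-minute freshness window are all assumptions, so substitute the scheme your workspace actually sends.

```python
import hashlib
import hmac
import time

# Hypothetical header names and signing scheme (assumptions, not from the docs).
SIG_HEADER = "X-Webhook-Signature"
TS_HEADER = "X-Webhook-Timestamp"
MAX_SKEW_SECONDS = 300  # reject deliveries older/newer than 5 minutes

# Constructed sample values for the demonstration.
SAMPLE_SECRET = b"whsec_constructed_example_only"
SAMPLE_BODY = b'{"event":"contact.created","id":"c_123"}'


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Hex HMAC-SHA256 over '<timestamp>.<raw body>' (assumed format)."""
    return hmac.new(secret, timestamp.encode() + b"." + body,
                    hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, headers: dict, body: bytes, now=None) -> bool:
    """Return True only for a fresh delivery with a matching signature."""
    sig = headers.get(SIG_HEADER, "")
    ts = headers.get(TS_HEADER, "")
    if not sig or not (ts.isascii() and ts.isdigit()):
        return False  # missing or malformed headers: fail closed
    now = time.time() if now is None else now
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return False  # stale timestamp: likely a replayed delivery
    expected = sign(secret, ts, body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), sig.encode())


if __name__ == "__main__":
    ts = str(int(time.time()))
    good = {TS_HEADER: ts, SIG_HEADER: sign(SAMPLE_SECRET, ts, SAMPLE_BODY)}
    print("valid delivery:", verify_webhook(SAMPLE_SECRET, good, SAMPLE_BODY))
    print("tampered body: ", verify_webhook(SAMPLE_SECRET, good, SAMPLE_BODY + b" "))
```

Verify against the raw request bytes before any JSON parsing, since re-serializing the body changes the bytes and breaks the signature.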

---

Using a credential in a node
  1. Open the automation builder
  2. Select a node that accepts a credential (e.g. Slack, GoHighLevel, Google Sheets)
  3. In the config panel, the Credential field shows a dropdown of all saved credentials of the matching type
  4. Select the saved credential — the actual value is never shown on the canvas

---

OAuth connections

GoHighLevel, HubSpot, Pipedrive, and Google integrations use OAuth rather than raw API keys. To connect:

  1. Go to Settings → Credentials → Connect [service]
  2. Complete the OAuth flow in the popup window
  3. The token is automatically saved as a credential named [service] — [your email]
  4. Select it in any compatible node

OAuth tokens auto-refresh in the background — you never need to reconnect unless you revoke access on the provider's side.

---

Security
  • Credentials are encrypted with AES-256 before storage
  • Values are never logged, never included in error messages, and never returned via the API
  • Deleting a credential is permanent and cannot be undone
  • Admin users can see credential names and types (not values) workspace-wide