Available on crate feature
managed-agents-preview only.Expand description
Vaults: per-user collections of MCP credentials.
Vaults are workspace-scoped and reference credentials by ID at session creation time. Credentials are write-only: secret fields are never returned in API responses.
Constraints:
- One active credential per
mcp_server_urlper vault. mcp_server_urlis immutable after creation; archive and replace.- Maximum 20 credentials per vault.
Structs§
- Create
Credential Request - Request body for
POST /v1/vaults/{id}/credentials. - Create
Vault Request - Request body for
POST /v1/vaults. - Credential
- A stored credential. Secret fields are never echoed in API
responses; the
authobject carries only the non-secret metadata (server URL, expiry, etc.). - Credentials
- Namespace handle for credential operations on a single vault.
- List
Vaults Params - Optional knobs for
Vaults::list. - McpOauth
Auth mcp_oauthcredential body.- McpOauth
Builder - Builder for
McpOauthAuthcredentials. - OAuth
Refresh - OAuth refresh configuration on an
mcp_oauthcredential. - OAuth
Refresh Patch - Partial refresh-block patch for
CredentialAuthPatch::McpOauth. - Static
Bearer Auth static_bearercredential body.- Update
Credential Request - Patch applied to an existing credential. Only the secret payload and
a few metadata fields are mutable;
mcp_server_url,token_endpoint, andclient_idare locked after creation. - Vault
- A vault: collection of MCP credentials, typically scoped to one end-user.
- Vaults
- Namespace handle for the Vaults API.
Enums§
- Credential
Auth - Credential authentication payload.
- Credential
Auth Patch - Partial auth update for
UpdateCredentialRequest. Pass only the fields you want to rotate; immutable fields (mcp_server_url,token_endpoint,client_id) cannot be changed. - Credential
Auth Response - Auth payload as returned on a credential response. Mirrors
CredentialAuthbut never carries the secret token fields. - Token
Endpoint Auth - Token-endpoint authentication scheme for refreshing OAuth credentials.