# Credentials

# Zero-Knowledge Credentials

Svantic uses a zero-knowledge model for handling credentials. Passwords, API keys, tokens, and other secrets never leave your machine — Svantic never sees, transmits, or stores the actual values.

***

## How It Works

When an agent needs to use a credential (e.g. filling a login form, authenticating with an API):

1. **The agent identifies the need** — it recognizes a login form or an API that requires authentication
2. **The agent sends a reference** — a credential key and a field selector, not the actual value
3. **Your client tool resolves it locally** — retrieves the real value from your local secure storage (keychain, vault, environment variable)
4. **The value is used locally** — filled into the browser, sent to the API, or used for authentication on your machine
5. **The agent sees only the outcome** — success or failure, never the credential value itself

```
Agent → Svantic: "Fill field #password with credential_key: 'portal_password'"
Svantic → Client Tool: { selector: "#password", credential_key: "portal_password" }
Client Tool: looks up 'portal_password' in local vault → fills the field
Client Tool → Svantic: { status: "filled" }
```

The actual password never appears in any Svantic log, database, API call, or LLM context.

***

## What This Protects Against

| Threat                   | Protection                                                                         |
| ------------------------ | ---------------------------------------------------------------------------------- |
| **Server breach**        | No credentials stored on Svantic's servers — nothing to steal                      |
| **LLM context leak**     | Credential values never enter the AI model's context window                        |
| **Log exposure**         | Credentials never appear in Svantic's logs or telemetry                            |
| **Network interception** | Values don't traverse the network between your machine and Svantic                 |
| **Insider access**       | Svantic operators cannot access credential values — they don't exist in the system |

***

## Credential Storage

Svantic doesn't dictate where you store your credentials. The client tool resolves credential keys from whatever storage you configure:

* **Environment variables** — simplest option for development
* **OS keychain** — macOS Keychain, Windows Credential Manager, Linux Secret Service
* **Vault systems** — HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager
* **Configuration files** — encrypted local config (e.g. `settings.json` with the SDK's credential resolver)

The SDK provides a pluggable `CredentialResolver` interface. Implement it to connect any secret store.
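The reference-then-resolve flow from "How It Works", combined with a pluggable resolver, as an added sketch that is not Svantic SDK code. The `resolve` method signature, the `AGENT_CRED_` environment prefix, the key pattern, and the `reason` codes are all assumptions made for illustration; only `selector`, `credential_key`, and `status: "filled"` come from the page.

```python
import os
import re
from typing import Callable, Optional, Protocol

KEY_PATTERN = re.compile(r"^[a-z][a-z0-9_]{0,63}$")  # assumed key format


class CredentialResolver(Protocol):
    """Hypothetical shape; the SDK's real interface may differ."""
    def resolve(self, credential_key: str) -> Optional[str]: ...


class EnvResolver:
    """Reads only variables under a fixed prefix, so a reference such as
    'path' cannot reach unrelated environment variables."""
    def __init__(self, prefix: str = "AGENT_CRED_"):  # prefix is an assumption
        self.prefix = prefix

    def resolve(self, credential_key: str) -> Optional[str]:
        return os.environ.get(self.prefix + credential_key.upper())


class ChainResolver:
    """Tries each configured store in order; the first hit wins."""
    def __init__(self, *resolvers: CredentialResolver):
        self.resolvers = resolvers

    def resolve(self, credential_key: str) -> Optional[str]:
        for resolver in self.resolvers:
            value = resolver.resolve(credential_key)
            if value is not None:
                return value
        return None


def handle_fill(request: dict, resolver: CredentialResolver,
                fill: Callable[[str, str], None]) -> dict:
    """Resolve and use the value locally; return only an outcome."""
    key = request.get("credential_key", "")
    selector = request.get("selector", "")
    if not isinstance(key, str) or not KEY_PATTERN.match(key) or not selector:
        return {"status": "failed", "reason": "invalid_reference"}
    value = resolver.resolve(key)
    if value is None:
        return {"status": "failed", "reason": "unknown_key"}
    try:
        fill(selector, value)  # e.g. a browser-automation call, local only
    except Exception:
        # Do not echo the exception text: it may embed the value.
        return {"status": "failed", "reason": "fill_error"}
    return {"status": "filled"}
```

The `fill` callable stands in for whatever local action consumes the value; the response dictionary is the only thing that would leave the machine.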

***

## Sensitive Fields in A2UI

When an agent requests user input via [A2UI](/concepts/a2ui), fields can be marked `sensitive: true`. Sensitive fields are:

* **Never included** in Slack messages, emails, or webhook payloads
* **Only rendered** in the dashboard or terminal (full A2UI clients)
* **Replaced** in non-dashboard channels by a summary and a link: "This request contains sensitive fields — complete it in the dashboard"

This ensures that credentials entered by humans through approval flows also follow the zero-knowledge principle — the value travels directly from the user's browser to the agent, never through notification channels.
