The Vault is Plinqx’s secure credential storage system. Instead of storing credentials directly in tools, you store them once in the Vault and reference them by name.Documentation Index
Fetch the complete documentation index at: https://hypha-docs.plinqx.app/llms.txt
Use this file to discover all available pages before exploring further.
Why Use the Vault?
The Vault provides:- Centralized Management: Store all credentials in one place
- Security: Credentials are encrypted and never exposed in tool configurations
- Reusability: Reference the same credential in multiple tools
- Rotation: Update credentials once, all tools using it are updated
- Audit Trail: Track who created and modified credentials
Creating Vault Entries
Credential Types
API Key
Simple key-based authentication:- Name: Unique identifier for this credential
- Key Value: The API key itself
- Description: Optional description
Bearer Token
OAuth2 or JWT tokens:- Name: Unique identifier
- Token Value: The bearer token
- Auto-refresh: Enable automatic token refresh (if supported)
Bearer tokens can be automatically refreshed if the credential provider supports OAuth2 refresh tokens.
Basic Auth
Username/password authentication:- Name: Unique identifier
- Username: Authentication username
- Password: Authentication password
OAuth2 Client Credentials
Machine-to-machine OAuth:- Name: Unique identifier
- Client ID: OAuth client identifier
- Client Secret: OAuth client secret
- Token URL: OAuth token endpoint
- Scopes: Required OAuth scopes
OAuth2 Authorization Code
User-delegated OAuth with refresh:- Name: Unique identifier
- Client ID: OAuth client identifier
- Client Secret: OAuth client secret
- Authorization URL: OAuth authorization endpoint
- Token URL: OAuth token endpoint
- Refresh URL: OAuth refresh endpoint (optional)
- Scopes: Required OAuth scopes
Referencing Credentials
Reference Vault credentials in tool configurations using:Example Usage
In a Custom Tool’s authentication configuration:- Auth Type: API Key (Header)
- Header Name:
X-API-Key - Value:
{{vault.MY_API_KEY}}
{{vault.MY_API_KEY}} with the actual credential value at runtime.
Managing Credentials
Editing Credentials
Updating a credential automatically updates all tools that reference it. No need to update each tool individually.
Testing Credentials
Test credentials before using them in tools:Rotating Credentials
To rotate a credential:- Create a new Vault entry with the new credential
- Update tools to reference the new entry
- Delete the old entry once all tools are updated
Security Best Practices
Use Strong Names
Use descriptive, unique names for easy identification
Regular Rotation
Rotate credentials periodically for security
Least Privilege
Use credentials with minimum required permissions
Monitor Usage
Review which tools use each credential regularly
OAuth Connections
For OAuth2 Authorization Code flows, Plinqx manages user connections separately:- Vault Entry: Stores OAuth app configuration
- OAuth Connection: Stores user-specific tokens per principal
Each user (Principal) can have their own OAuth connection using the same Vault entry configuration.
Next Steps
Create Custom Tools
Use Vault credentials in custom tools
Connect Providers
Set up OAuth for provider integrations