Cred: OAuth for AI Agents, Without Leaking Your Refresh Tokens
Every AI agent that needs to access your Google, GitHub, or Slack account faces the same problem: how do you give it credentials without giving it the keys to the kingdom? Cred solves this with a delegation layer specifically built for agents.
The mechanism is clean. You connect your account through a standard OAuth flow and choose exactly which scopes to grant. When an agent needs access, it calls cred.delegate() and receives a short-lived access token. The refresh token never leaves the vault. Cryptographic receipts log every delegation. The agent gets temporary, scoped access. You keep permanent control.
This matters because agent credential management is becoming a real problem at scale. The EU AI Act enforcement begins August 2026 with fines up to 35 million euros. Seventy percent of organizations expect to manage hundreds of agents within the next year. Hardcoding API keys or storing refresh tokens in agent memory is a ticking time bomb. Cred treats agent credentials the way enterprise IAM treats human credentials: least privilege, short-lived, auditable.
The product sits at cred.ninja and is on Product Hunt today. It is a narrow, focused tool that does one thing well. In a world where every agent framework is adding tool-calling and MCP support, someone needs to build the plumbing that makes those tools safe to use. Cred is that plumbing.
https://www.cred.ninja/
← Back to all articles
The mechanism is clean. You connect your account through a standard OAuth flow and choose exactly which scopes to grant. When an agent needs access, it calls cred.delegate() and receives a short-lived access token. The refresh token never leaves the vault. Cryptographic receipts log every delegation. The agent gets temporary, scoped access. You keep permanent control.
This matters because agent credential management is becoming a real problem at scale. The EU AI Act enforcement begins August 2026 with fines up to 35 million euros. Seventy percent of organizations expect to manage hundreds of agents within the next year. Hardcoding API keys or storing refresh tokens in agent memory is a ticking time bomb. Cred treats agent credentials the way enterprise IAM treats human credentials: least privilege, short-lived, auditable.
The product sits at cred.ninja and is on Product Hunt today. It is a narrow, focused tool that does one thing well. In a world where every agent framework is adding tool-calling and MCP support, someone needs to build the plumbing that makes those tools safe to use. Cred is that plumbing.
https://www.cred.ninja/
Comments