Secrets And Credentials
Secrets should not be baked into images, prompts, or checked-in config.
That rule matters even more in an agent system than in a typical web app, because prompts, logs, and task workspaces create more places where credentials can leak if the boundaries are weak.
Common Secret Types
- platform admin and API keys
- runtime API keys
- JWT and webhook secrets
- model provider credentials
- integration OAuth credentials
Local Development Pattern
The current local stack expects file-backed or environment-backed secret handling in several places so a pulled runtime image does not need secrets embedded in it.
For local bring-up, the most visible credential is the default admin login key in agirunner/.env:
- DEFAULT_ADMIN_API_KEY is used to seed the platform’s first admin access
- the dashboard login flow uses that value for the first local admin sign-in
- PLATFORM_SERVICE_API_KEY seeds the stack’s internal service credential so container-manager can authenticate to platform-api without reusing the human bootstrap key
- worker and agent credentials are issued by the platform during runtime lifecycle registration instead of being hand-generated in .env
Recommendation
Keep secrets outside versioned config, prefer documented secret-file or environment injection patterns, and treat prompt-visible credentials as a defect.
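One way to apply this recommendation, shown as an added example that is not agirunner's own code: a loader that prefers a file-backed secret over an environment value, and a guard that fails closed when a loaded secret value appears in prompt text. The `_FILE` suffix convention, the function names and the key value are assumptions of this example; only the `DEFAULT_ADMIN_API_KEY` name comes from the page.

```python
import os
import stat
import tempfile
from pathlib import Path


class SecretError(RuntimeError):
    """Raised when a secret is missing, badly stored, or exposed."""


def load_secret(name, env=None):
    """Resolve a secret from NAME_FILE (path to a file) or, failing that, NAME.

    The NAME_FILE suffix convention is an assumption of this example.
    """
    env = os.environ if env is None else env
    file_path = env.get(f"{name}_FILE")
    if file_path:
        path = Path(file_path)
        # Refuse secret files that group or other users can access.
        if path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise SecretError(f"{path} is accessible beyond its owner")
        value = path.read_text().strip()
    else:
        value = env.get(name, "").strip()
    if not value:
        raise SecretError(f"{name} is not set via {name}_FILE or {name}")
    return value


def assert_prompt_clean(prompt, secrets):
    """Return the prompt unchanged, or fail closed if it contains a secret value."""
    leaked = sorted(n for n, v in secrets.items() if v and v in prompt)
    if leaked:
        # Report names only so the value is not copied into logs.
        raise SecretError(f"prompt contains secret(s): {', '.join(leaked)}")
    return prompt


if __name__ == "__main__":
    # Constructed sample: a throwaway key in an owner-only file.
    with tempfile.TemporaryDirectory() as tmp:
        key_file = Path(tmp) / "admin_key"
        key_file.write_text("constructed-example-key\n")
        key_file.chmod(0o600)
        env = {"DEFAULT_ADMIN_API_KEY_FILE": str(key_file)}
        secrets = {"DEFAULT_ADMIN_API_KEY": load_secret("DEFAULT_ADMIN_API_KEY", env)}
    print(assert_prompt_clean("Summarise the open tasks.", secrets))
```

The permission check relies on POSIX file modes, so it applies to Linux and macOS hosts.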