Credentials

Orchka provides a secure credential management system for storing and using API keys, tokens, and authentication details in your workflows.

Overview

Instead of hardcoding sensitive values in your workflow nodes, you can:

  1. Store credentials securely with AES-256-GCM encryption
  2. Reference credentials by ID in your nodes
  3. Credentials are decrypted only during workflow execution

Credential Types

TypeFieldsUse Case
API KeyapiKeyGeneric API authentication
Basic Authusername, passwordHTTP Basic authentication
Bearer TokentokenOAuth/JWT bearer tokens
OAuth2clientId, clientSecret, accessToken, refreshTokenOAuth2 flows
OpenAIapiKey, organization (optional)OpenAI API
AnthropicapiKeyAnthropic Claude API
Google AIapiKeyGoogle Gemini API

Creating Credentials

  1. Navigate to Credentials in the dashboard sidebar
  2. Click New Credential
  3. Select the credential type
  4. Enter a unique name and the required fields
  5. Click Create

Using Credentials in Nodes

AI Agent Node

Select a stored credential instead of relying on environment variables:

  1. Open the AI Agent node settings
  2. In the Credential dropdown, select your saved credential
  3. The credential type must match the selected model provider
Model: gpt-4o
Credential: My OpenAI Key (OpenAI type)

HTTP Request Node

Use credentials for API authentication:

  1. Open the HTTP Request node settings
  2. Set Auth Type to "Credential"
  3. Select the appropriate credential

Supported credential types for HTTP:

  • Bearer TokenAuthorization: Bearer <token>
  • Basic AuthAuthorization: Basic <base64>
  • API KeyX-API-Key: <key>

Testing Credentials

Before using a credential in production:

  1. Open the credential details
  2. Click Test Credential
  3. For AI provider credentials, this validates the API key with the provider

Security

  • Credentials are encrypted at rest using AES-256-GCM
  • Decryption only occurs during workflow execution
  • Credential data is never exposed in API responses (only metadata)
  • Audit logs track credential access during workflow runs

Environment Setup

Generate an encryption key for your deployment:

# Generate a 32-byte hex key
openssl rand -hex 32

Add to your .env:

CREDENTIAL_ENCRYPTION_KEY=your_64_character_hex_key_here

Best Practices

  1. Use descriptive names - "Production OpenAI" vs "test-key-1"
  2. Rotate credentials regularly - Update credentials without changing workflows
  3. Test before deploying - Use the test feature to validate credentials
  4. One credential per purpose - Easier to track and rotate

AI Agent

Use credentials with AI models.

Node Types

See all available nodes.

Expression Engine

Transform data dynamically using JSONata expressions

Execution Monitoring

Track, debug, and analyze your workflow executions

On this page

CredentialsOverviewCredential TypesCreating CredentialsUsing Credentials in NodesAI Agent NodeHTTP Request NodeTesting CredentialsSecurityEnvironment SetupBest Practices