Typescript sdkCredentials
Credential Store Options
Copy page
Credential Store Options
MCP servers and external agents may require authentication for secure access. The Inkeep agent framework supports storing these credentials in three different ways:
Nango Store (Recommended)
Best for: Development or Production environments with OAuth2.1/PKCE flows and complex integrations
Pros:
- Automatic token refresh for OAuth
- Supports additional metadata headers
- Works with complex OAuth flows (OAuth2.0/PKCE)
- Managed service (self-hosted or cloud)
Keychain Store (Default)
Best for: Local development with OAuth services
Cons:
- Not suitable for production
- No automatic token refresh
- Requires manual re-authentication when tokens expire
- Does not support additional metadata headers
Environment Variables
Best for: Simple API keys and bearer tokens in development or production
Pros:
- Direct configuration via TypeScript SDK
Cons:
- Does not support additional metadata headers
- Does not support OAuth2.1/PKCE flows
Environment-aware Credentials
When you need different credentials for different environments (e.g., development vs. production), you can take advantage of environment-aware credentials. This approach allows you to:
- Define separate credentials for each environment
- Automatically load the correct credentials based on your deployment environment
- Keep your development and production credentials cleanly separated
- Easily switch between environments using the CLI's
--envflag
Learn more about setting up environment-aware credentials in the dedicated guide.