Typescript sdkCredentials
Overview
Copy page
Choosing a Credential Store
MCP servers and external agents may require authentication for secure access. The Inkeep agent framework supports storing these credentials in three different ways:
Nango Store (Recommended)
Best for: Development or Production environments with OAuth2.1/PKCE flows and complex integrations
Pros:
- Automatic token refresh for OAuth
- Supports additional metadata headers
- Works with complex OAuth flows (OAuth2.0/PKCE)
- Managed service (self-hosted or cloud)
Keychain Store (Default)
Best for: Local development with OAuth services
Cons:
- Not suitable for production
- No automatic token refresh
- Requires manual re-authentication when tokens expire
- Does not support additional metadata headers
Environment Variables
Best for: Simple API keys and bearer tokens in development or production
Pros:
- Direct configuration via TypeScript SDK
Cons:
- Does not support additional metadata headers
- Does not support OAuth2.1/PKCE flows
Environment-aware Credentials
When you need different credentials for different environments (e.g., development vs. production), you can take advantage of environment-aware credentials. This approach allows you to:
- Define separate credentials for each environment
- Automatically load the correct credentials based on your deployment environment
- Keep your development and production credentials cleanly separated
- Easily switch between environments using the CLI's
--envflag
Learn more about setting up environment-aware credentials in the dedicated guide.