How do you let your AI agents use your accounts securely? I'm a heavy agent user my agents read emails, manage Notion, create PRs daily. But credential management is a constant headache: pasting tokens into prompts risks theft, storing them in .env risks accidental commits, once an agent has your token it gets full access with no fine-grained control, there's no way to revoke after use, multiple agents share the same credentials with no isolation, and when something goes wrong there's zero audit trail. Ideally I want agents to request credentials on demand, auto-revoke after use, keep secrets out of the LLM context entirely, give each agent its own identity, and have full auditability. Anyone else dealing with this? How are you solving it?
Today, when users hand credentials to AI agents, they have two options: paste an API key into the agent's config, or grant full account access via OAuth. Once handed over, control is lost — users don't know which credentials the agent used, what resources it accessed, or whether it passed credentials to downstream agents.
