Credentials

Securely manage external service credentials and integrations for use in your API flows and edge functions.

Overview

The Credentials section lets you connect your project to external services like AWS, Google, databases, and messaging platforms. All credentials are encrypted with AES-256 at rest and are never exposed in the UI after being saved.

Once stored, credentials can be referenced from two places:

Flow Editor — Use the Credentials Select widget when configuring nodes
Edge Functions — Access credentials via the dypai.credentials module

Credentials are scoped to a single project. Each project manages its own set of integrations independently.

Supported Integrations

Provider	Services	Auth type
AWS	S3, SES, SNS, SQS, Lambda, DynamoDB	Access Key + Secret
Google	Sheets, Drive, Calendar, Gmail, Analytics	Service Account JSON
Microsoft	Excel, OneDrive, Outlook, Teams	OAuth / Client Credentials
Databases	PostgreSQL, MySQL, MongoDB	Connection String
Communication	Telegram, Slack	Bot Token / Webhook URL
Custom	Any service	Custom key-value fields

Adding Credentials

Open Credentials

Navigate to the Credentials section in your project sidebar.

Find your integration

Browse the integration grid or use the search bar to find the service you need.

Configure

Click Configure on the integration card. Fill in the required fields (API keys, tokens, connection strings, etc.).

Save

Click Save. The credential is encrypted and stored securely.

Once saved, credential values cannot be viewed again. To update a credential, you must re-enter all fields with new values.

Using Credentials in Flows

When configuring a node in the Flow Editor that requires external service access, use the Credentials Select widget to pick from your saved credentials. The credential is automatically injected at execution time.

Using Credentials in Edge Functions

Access stored credentials programmatically from Python or Rust edge functions:

# Python Edge Function
async def handler(request):
    # Retrieve a stored credential by name
    aws = dypai.credentials.get("my-aws-credential")

    # Use the credential fields
    s3_client = boto3.client(
        's3',
        aws_access_key_id=aws["access_key"],
        aws_secret_access_key=aws["secret_key"],
        region_name=aws["region"]
    )

    buckets = s3_client.list_buckets()
    return {"buckets": buckets}

Security

Feature	Detail
Encryption	AES-256 encryption at rest for all credential values
Decryption	Only at execution time, inside the engine sandbox
Visibility	Values are never returned to the client after initial save
Scope	Each credential is scoped to a single project
Audit	Credential access is logged in the Console

Managing Credentials

From the credentials list you can:

Update — Re-enter credential values to rotate keys or update tokens
Delete — Remove a credential permanently

Deleting a credential will break any flows or edge functions that reference it. Update your flows before removing a credential.

Next steps

Overview

Once stored, credentials can be referenced from two places:

Flow Editor — Use the Credentials Select widget when configuring nodes

Edge Functions — Access credentials via the dypai.credentials module

Credentials are scoped to a single project. Each project manages its own set of integrations independently.

Supported Integrations

Provider

Services

Auth type

AWS

S3, SES, SNS, SQS, Lambda, DynamoDB

Access Key + Secret

Google

Sheets, Drive, Calendar, Gmail, Analytics

Service Account JSON

Microsoft

Excel, OneDrive, Outlook, Teams

OAuth / Client Credentials

Databases

PostgreSQL, MySQL, MongoDB

Connection String

Communication

Telegram, Slack

Bot Token / Webhook URL

Custom

Any service

Custom key-value fields

Adding Credentials

Open Credentials

Navigate to the Credentials section in your project sidebar.

Find your integration

Browse the integration grid or use the search bar to find the service you need.

Configure

Click Configure on the integration card. Fill in the required fields (API keys, tokens, connection strings, etc.).

Save

Click Save. The credential is encrypted and stored securely.

Once saved, credential values cannot be viewed again. To update a credential, you must re-enter all fields with new values.

Using Credentials in Edge Functions

Access stored credentials programmatically from Python or Rust edge functions:

# Python Edge Function async def handler(request): # Retrieve a stored credential by name aws = dypai.credentials.get("my-aws-credential") # Use the credential fields s3_client = boto3.client( 's3', aws_access_key_id=aws["access_key"], aws_secret_access_key=aws["secret_key"], region_name=aws["region"] ) buckets = s3_client.list_buckets() return {"buckets": buckets}

Feature

Detail

Encryption

AES-256 encryption at rest for all credential values

Decryption

Only at execution time, inside the engine sandbox

Visibility

Values are never returned to the client after initial save

Scope

Each credential is scoped to a single project

Audit

Credential access is logged in the Console