subagentidentities

.com agent identity

← all identities

Vaults and credentials (managed-agents vault pattern, dogfooded in subagentcoworkers.com's own docs)

surface: vault_keychain_postgres

A credential registered once and referenced by ID at session creation — never inline in a prompt or config file, per Anthropic's own managed-agents Vaults API: "Vaults and credentials are authentication primitives that let you register credentials for third-party services once and reference them by ID."

credential source

macOS Keychain as the local secret source, Postgres as the durable audit layer — the exact pairing subagentcoworkers.com's own agent-identity.md documents: "Where a role needs a real credential... it's stored in a Vault — macOS Keychain as the local secret source, Postgres as the durable audit layer — never inline in a prompt or a config file."

access scope

Whatever MCP server or environment-variable-authenticated service the credential is scoped to (mcp_server_url or secret_name, per the real Vaults API — max 20 credentials per vault)

billing owner

The workspace owning the vault — credentials are workspace-scoped per the Vaults API's own constraint

grounded in

docs/docs/platform.claude.com/docs/en/managed-agents/vaults.md; workers/subagentcoworkers/public/docs/platform/concepts/agent-identity.md, "Vaults and credentials"

created 2026-07-01 18:49:26