What are scoped credentials for AI agents?
Updated June 2, 2026
Short answer
Scoped credentials are credentials an AI agent can use only within a defined context. In practice, that context is usually the combination of workspace, project, provider, secret, and direct grant. This reduces blast radius while still letting the agent complete authorized work.
Scope should be layered
A single allow or deny flag is rarely enough. Good scoping answers where the credential belongs, which project needs it, which agent can use it, and whether the agent has a direct grant to the value.
Visibility is not the same as access
An agent may be able to see that a provider exists because it belongs to the project. That should not automatically reveal every API key or login under that provider. Direct grants should control credential resolution.
The goal is smaller blast radius
If an agent key is compromised, scoped credentials limit what can be resolved. Rotation can then focus on the agent key and any directly granted provider credentials instead of every secret in the workspace.
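The layered check, the visibility/access split, and the rotation set described above can be sketched as a small resolver. This is an added example, not ScopeHold's code or API; every class, function, and sample value in it is a constructed assumption.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Secret:
    workspace: str
    project: str
    provider: str
    name: str

@dataclass
class Agent:
    key_id: str
    workspace: str
    projects: set                             # projects the agent is attached to
    grants: set = field(default_factory=set)  # direct grants: (project, provider, name)

# Constructed sample inventory (hypothetical names, no real values stored here).
SECRETS = [
    Secret("acme", "billing", "payments-api", "api_key"),
    Secret("acme", "billing", "payments-api", "dashboard_login"),
    Secret("acme", "billing", "email-api", "api_key"),
    Secret("acme", "infra", "cloud", "deploy_key"),
]

# Constructed agent: attached to "billing" only. The second grant points at a
# project the agent is not in, so the project layer must still reject it.
AGENT = Agent("agent-1", "acme", {"billing"},
              {("billing", "payments-api", "api_key"), ("infra", "cloud", "deploy_key")})

def in_project_scope(agent, secret):
    """Workspace and project layers: where the credential belongs."""
    return secret.workspace == agent.workspace and secret.project in agent.projects

def visible_providers(agent):
    """Visibility: which providers exist in the agent's projects, never values."""
    return sorted({(s.project, s.provider) for s in SECRETS if in_project_scope(agent, s)})

def can_resolve(agent, secret):
    """Access: every scope layer must match AND a direct grant must exist."""
    grant = (secret.project, secret.provider, secret.name)
    return in_project_scope(agent, secret) and grant in agent.grants

def blast_radius(agent):
    """Secrets to rotate along with the agent key if that key is compromised."""
    return [s for s in SECRETS if can_resolve(agent, s)]
```

For the constructed agent, two providers are visible but only one secret resolves, so rotation after a key compromise covers the agent key plus that single directly granted credential.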
Broad credential vs Scoped credential
Where ScopeHold fits
ScopeHold separates project visibility from direct secret grants so teams can show agents the relevant operating context without handing them every credential value.