Credential governance

Keep provider access controlled before an Agent goes live

AI Team separates your business-system access from AI Team-managed operating keys. Every production Agent needs a known owner, access map, rotation path, revocation path, fallback rule, and deployment QA evidence before go-live.

Secret ownership map

Credentials are categorized before go-live so you know who owns the provider account, who can revoke access, and who pays variable usage.

Your systems of record normally stay under client-owned accounts, OAuth grants, service accounts, roles, or scoped API keys.
AI Team-managed credentials are reserved for standard model use, long-running work, run records, QA, alerting, and operator review.
Voice, telephony, SMS, WhatsApp, scraping, SEO, enrichment, ads, and data providers need explicit billing ownership and spend controls.

First supported provider categories

The first provider inventory focuses on SME tools where access, revocation, and fallback behavior can be made explicit.

CRM: HubSpot, Salesforce, and Pipedrive using client-owned OAuth, private app access, or role-limited users.
Workspace and communication: Google Workspace, Microsoft 365, Slack, WhatsApp, SMS, and email through approved app or account access.
Commerce, support, data, SEO, voice, model gateway, and analytics providers need separate ownership, spend, and revocation records before use.

Key rotation procedure

Rotation is handled as a controlled change so an expired or compromised key does not break live work quietly.

Identify the Agent, provider, owner, scopes, storage location, expiry, affected workflows, and current revocation path.
Create or request replacement access through the approved owner without sending secrets through public forms or operator notes.
Verify least-privilege scopes, run setup or staging QA, switch the Agent, monitor failures, revoke old access, and update rotation metadata.

Credential revocation procedure

Revocation pauses affected Agents and creates an exception until review confirms safe restoration.

Revoke OAuth grants, connected apps, service accounts, API keys, provider users, webhooks, or virtual keys in the provider admin console.
Record the provider, access type, ownership mode, reason, affected workflows, revocation path, and responsible client or operator owner.
Check failed jobs, queued approvals, webhook replay risk, open pass-through charges, and stale dashboard state before restoring execution.

Fallback and pause rules

Agents use approved fallback paths instead of retrying uncontrolled actions or spending against unknown provider costs.

Missing or revoked client access pauses the Agent and routes the issue to setup, access review, or operator exception handling.
Provider outages, rate limits, webhook failures, spend caps, and unknown billing ownership trigger throttle, pause, replay, or human review.
Model failures route through approved LiteLLM fallback policy only when cost, privacy, latency, quality, and client requirements allow it.

Public-form boundary

Public website forms are intentionally non-secret-safe. Credential handoff belongs in controlled setup, not generic intake.

Setup and contact forms should reject keys, tokens, passwords, seed phrases, private URLs, and other likely secrets.
Credential status, handoff method, rotation request, and revocation request can be recorded without exposing raw secret values.
Operator notes and client handoff metadata must stay non-secret and auditable.

Next step

Need to connect a provider without losing control?

Start setup so AI Team can confirm provider ownership, scopes, pass-through costs, fallback behavior, rotation path, revocation path, and deployment QA requirements before the Agent goes live.

Start setup Contact AI Team

Secret ownership map

Credentials are categorized before go-live so you know who owns the provider account, who can revoke access, and who pays variable usage.

Your systems of record normally stay under client-owned accounts, OAuth grants, service accounts, roles, or scoped API keys.

AI Team-managed credentials are reserved for standard model use, long-running work, run records, QA, alerting, and operator review.

Voice, telephony, SMS, WhatsApp, scraping, SEO, enrichment, ads, and data providers need explicit billing ownership and spend controls.

First supported provider categories

The first provider inventory focuses on SME tools where access, revocation, and fallback behavior can be made explicit.

CRM: HubSpot, Salesforce, and Pipedrive using client-owned OAuth, private app access, or role-limited users.

Workspace and communication: Google Workspace, Microsoft 365, Slack, WhatsApp, SMS, and email through approved app or account access.

Commerce, support, data, SEO, voice, model gateway, and analytics providers need separate ownership, spend, and revocation records before use.

Key rotation procedure

Rotation is handled as a controlled change so an expired or compromised key does not break live work quietly.

Identify the Agent, provider, owner, scopes, storage location, expiry, affected workflows, and current revocation path.

Create or request replacement access through the approved owner without sending secrets through public forms or operator notes.

Verify least-privilege scopes, run setup or staging QA, switch the Agent, monitor failures, revoke old access, and update rotation metadata.

Credential revocation procedure

Revocation pauses affected Agents and creates an exception until review confirms safe restoration.

Revoke OAuth grants, connected apps, service accounts, API keys, provider users, webhooks, or virtual keys in the provider admin console.

Record the provider, access type, ownership mode, reason, affected workflows, revocation path, and responsible client or operator owner.

Check failed jobs, queued approvals, webhook replay risk, open pass-through charges, and stale dashboard state before restoring execution.

Fallback and pause rules

Agents use approved fallback paths instead of retrying uncontrolled actions or spending against unknown provider costs.

Missing or revoked client access pauses the Agent and routes the issue to setup, access review, or operator exception handling.

Provider outages, rate limits, webhook failures, spend caps, and unknown billing ownership trigger throttle, pause, replay, or human review.

Model failures route through approved LiteLLM fallback policy only when cost, privacy, latency, quality, and client requirements allow it.

Public-form boundary

Public website forms are intentionally non-secret-safe. Credential handoff belongs in controlled setup, not generic intake.

Setup and contact forms should reject keys, tokens, passwords, seed phrases, private URLs, and other likely secrets.

Credential status, handoff method, rotation request, and revocation request can be recorded without exposing raw secret values.

Operator notes and client handoff metadata must stay non-secret and auditable.