OIDC identity for AI agents

Creddy is an OIDC provider for AI agents. Agents get their own identities and short-lived credentials — your secrets stay on the server.


The problem

Agents need identities, not your keys

GitHub Actions uses OIDC to access AWS — no shared secrets. Your AI agents should work the same way.

No agent identity

Agents use your personal tokens. No way to distinguish one agent from another or scope their access.

No visibility

No way to know which agent used which credential, when, or what it did. Auditing is impossible.

Shared secrets everywhere

Long-lived PATs and API keys copied into .env files and agent configs. If one leaks, everything is exposed.

The Agentic Dev Loop: Identity, Secrets & Trust Boundaries
A deep dive into why agents need their own identity, scoped credentials, and trust zones.

How it works

Identity first, credentials second

01

Create an agent identity

Register each agent with scoped permissions. Creddy returns OIDC credentials — a client ID and secret unique to this agent.

# Create an agent identity (quote the glob so the shell does not expand it)
creddy agent create agent-12345 \
  --can "github:myorg/*" \
  --can anthropic

# Returns OIDC credentials
{
  "client_id": "agent_f8e7d6",
  "client_secret": "cks_xyz789..."
}

02

Vend mode: get real tokens

For services like GitHub, Creddy issues real short-lived tokens. Authenticate with your client credentials, then request a token.

# Authenticate (OAuth 2.0 client credentials grant)
ACCESS_TOKEN=$(curl -s -X POST "$CREDDY_URL/oauth/token" \
  -d "grant_type=client_credentials" \
  -d "client_id=agent_f8e7d6" \
  -d "client_secret=cks_xyz789" | jq -r .access_token)

# Get GitHub token
curl "$CREDDY_URL/v1/credentials/github" \
  -H "Authorization: Bearer $ACCESS_TOKEN"
# → { "token": "ghs_xxxxx" }

03

Proxy mode: your keys stay hidden

For APIs without ephemeral keys (like Anthropic), agents call through Creddy's proxy. Your real API key never leaves the server.

# Configure Claude Code to use Creddy
claude config set apiUrl \
  "https://creddy.example.com/v1/proxy/anthropic"
claude config set apiKey "crd_xxx"
# Requests go through Creddy
# Your sk-ant-xxx stays on the server

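The three steps above, modelled end to end in Python as an added example (this is not Creddy's code). An agent presents its client ID and secret to a token endpoint, receives a short-lived JWT, and exchanges that JWT for a scoped service credential; the same block shows what a relying party checks before trusting the JWT. Everything below is an assumption made for the illustration: the in-memory registry, the endpoint semantics, the 10-minute and 1-hour TTL policy, the `ghs_` placeholder value, and HS256 with a shared key standing in for the RS256/JWKS signing a real OIDC provider uses. Proxy mode (step 03) is not modelled.

```python
"""Added illustration of 'identity first, credentials second'. Not Creddy's code;
registry layout, endpoint behaviour and token format are assumptions."""
import base64
import fnmatch
import hashlib
import hmac
import json
import secrets
import time

ISSUER = "https://creddy.example.com"   # assumed issuer URL
SIGNING_KEY = b"constructed-demo-key"   # constructed; HS256 only for the demo
ACCESS_TOKEN_TTL = 600                  # page default: 10 minutes
MAX_CREDENTIAL_TTL = 3600               # assumed policy cap for vended credentials

# Constructed registry, as `creddy agent create ... --can ...` might populate it.
# Client secrets are stored hashed; only the agent holds the plaintext.
REGISTRY = {
    "agent_f8e7d6": {
        "secret_hash": hashlib.sha256(b"cks_xyz789").hexdigest(),
        "scopes": ["github:myorg/*", "anthropic"],
    },
}


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims):
    """Sign claims as a compact JWT (HS256 stands in for RS256 here)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_jwt(token, now=None):
    """What a relying party (or the vend endpoint) checks before trusting a token."""
    header, body, sig = token.split(".")
    expected = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("invalid signature")
    claims = json.loads(_b64url_decode(body))
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def token_endpoint(client_id, client_secret, now=None):
    """POST /oauth/token with grant_type=client_credentials (semantics assumed)."""
    now = time.time() if now is None else now
    entry = REGISTRY.get(client_id)
    # Always run the comparison so unknown-client and wrong-secret paths look alike.
    stored = entry["secret_hash"] if entry else "0" * 64
    presented = hashlib.sha256(client_secret.encode()).hexdigest()
    secret_ok = hmac.compare_digest(stored, presented)
    if entry is None or not secret_ok:
        raise PermissionError("invalid_client")
    claims = {
        "iss": ISSUER,
        "sub": client_id,
        "iat": int(now),
        "exp": int(now) + ACCESS_TOKEN_TTL,
        "scope": " ".join(entry["scopes"]),
    }
    return mint_jwt(claims)


def scope_allows(scopes, target):
    """Glob match of the requested target against the agent's --can scopes."""
    return any(fnmatch.fnmatchcase(target, s) for s in scopes)


def credentials_endpoint(access_token, service, resource=None,
                         ttl=ACCESS_TOKEN_TTL, now=None):
    """GET /v1/credentials/<service>: identity in, short-lived scoped credential out."""
    now = time.time() if now is None else now
    claims = verify_jwt(access_token, now)
    target = f"{service}:{resource}" if resource else service
    if not scope_allows(claims["scope"].split(), target):
        raise PermissionError(f"{claims['sub']} is not allowed {target}")
    ttl = min(ttl, MAX_CREDENTIAL_TTL)  # a request cannot exceed the policy cap
    # The vended value is a constructed placeholder; a real backend would mint
    # e.g. a GitHub installation token here and record the audit fields.
    return {
        "token": f"ghs_{secrets.token_hex(8)}",
        "expires_at": int(now) + ttl,
        "audit": {"agent": claims["sub"], "service": target, "ts": int(now)},
    }


if __name__ == "__main__":
    jwt = token_endpoint("agent_f8e7d6", "cks_xyz789")
    print(credentials_endpoint(jwt, "github", "myorg/app"))
```

The vend endpoint never returns anything the agent did not already have the right to: the scope string travels inside the signed JWT, so the check is bound to the identity that authenticated, and the vended credential expiry is derived from the request time rather than from anything the agent supplies.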
Features

Built for production

OIDC provider

Standard OpenID Connect. Agents authenticate and get signed JWTs. Federate with AWS, GCP, and any OIDC-compatible service.

Ephemeral credentials

Tokens expire automatically with configurable TTL. Default is 10 minutes. No stale secrets.

Agent isolation

Each agent gets its own identity and scoped permissions. Agents never see master secrets or each other's credentials.

Full audit trail

Every credential request is logged with agent identity, service, timestamp, and expiration. Complete visibility.

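An added example (not Creddy's code) of what a defender does with an audit trail of the kind described above: parse per-request records that carry agent identity, service, timestamp and expiration, summarise activity per agent, and flag two things worth a look, a vended credential whose lifetime exceeds policy and an agent that is repeatedly denied (a sign its scopes are wrong or it is probing beyond them). The JSON field names, the sample log lines and the 10-minute policy cap are constructed for the illustration, not Creddy's real schema.

```python
"""Added audit-trail analysis example; the log format below is constructed."""
import json
from collections import defaultdict

MAX_TTL_SECONDS = 600   # assumed policy: no vended credential outlives 10 minutes

# Constructed sample audit lines (one JSON object per line).
AUDIT_LOG = """\
{"ts": 1700000000, "agent": "agent_f8e7d6", "service": "github", "resource": "myorg/app", "result": "issued", "expires_at": 1700000600}
{"ts": 1700000030, "agent": "agent_f8e7d6", "service": "anthropic", "resource": null, "result": "issued", "expires_at": 1700000630}
{"ts": 1700000090, "agent": "agent_a1b2c3", "service": "github", "resource": "otherorg/secret", "result": "denied", "expires_at": null}
{"ts": 1700000095, "agent": "agent_a1b2c3", "service": "github", "resource": "myorg/*", "result": "denied", "expires_at": null}
{"ts": 1700000100, "agent": "agent_a1b2c3", "service": "openai", "resource": null, "result": "issued", "expires_at": 1700003700}
"""


def parse_audit(text):
    """Parse JSON-lines audit records, skipping blank lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            events.append(json.loads(line))
    return events


def summarize(events):
    """Per-agent counts of issued/denied requests and the services touched."""
    per_agent = defaultdict(lambda: {"issued": 0, "denied": 0, "services": set()})
    for e in events:
        summary = per_agent[e["agent"]]
        summary[e["result"]] += 1
        summary["services"].add(e["service"])
    return per_agent


def find_anomalies(events, max_ttl=MAX_TTL_SECONDS, denied_threshold=2):
    """Return findings as tuples; the first element names the finding type."""
    findings = []
    denied = defaultdict(int)
    for e in events:
        if e["result"] == "issued":
            lifetime = e["expires_at"] - e["ts"]
            if lifetime > max_ttl:
                findings.append(("ttl_exceeds_policy", e["agent"], e["service"], lifetime))
        elif e["result"] == "denied":
            denied[e["agent"]] += 1
    for agent, count in denied.items():
        if count >= denied_threshold:
            findings.append(("repeated_denials", agent, count))
    return findings


if __name__ == "__main__":
    events = parse_audit(AUDIT_LOG)
    for agent, s in summarize(events).items():
        print(agent, s["issued"], "issued,", s["denied"], "denied,", sorted(s["services"]))
    for finding in find_anomalies(events):
        print("ALERT", finding)
```

Because every record names the agent rather than a shared token, the denied requests can be attributed to one identity and that identity's scopes reviewed, which is the visibility the shared-secret setup in "The problem" cannot give.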
Single binary

One binary, SQLite storage, zero external dependencies. Runs on your infrastructure, Tailscale-friendly.

Multi-backend

GitHub, Anthropic, OpenAI, Doppler, and more. For services without OIDC, Creddy exchanges identity for credentials.

Quick start

Up and running in seconds

Single binary. No Docker required. No external services.

# Install and start Creddy
curl -fsSL https://get.creddy.dev/install.sh | sh
creddy server

# Create an agent identity (quote the glob so the shell does not expand it)
creddy agent create agent-12345 --can "github:myorg/*"
# → client_id: agent_f8e7d6
# → client_secret: cks_xyz789...

# Agent gets credentials (CLI)
export CREDDY_URL=http://localhost:8400
export CREDDY_CLIENT_ID=agent_f8e7d6
export CREDDY_CLIENT_SECRET=cks_xyz789
creddy get github --ttl 10m
# → ghs_xxxxx (expires in 10 minutes)