Skip to main content

What are Credentials?

Credentials in Flowise are secure storage objects for API keys, tokens, and authentication information required by nodes to connect to external services. They provide centralized, encrypted management of sensitive data, ensuring your integrations work without exposing secrets in your workflow configurations.
Credentials are encrypted before storage and are never included in exported chatflows or agentflows, protecting your sensitive data.

Credential Architecture

Credential Structure

Credentials are stored as database entities: 
interface ICredential {
  id: string              // Unique credential ID
  name: string           // User-defined name (e.g., "My OpenAI Key")
  credentialName: string // Type identifier (e.g., "openAIApi")
  encryptedData: string  // Encrypted credential values
  createdDate: Date
  updatedDate: Date
  workspaceId: string    // Workspace isolation
}

Credential Types

Each credential type is defined by a credential class: 
class AnthropicApi implements INodeCredential {
  label: string = 'Anthropic API'
  name: string = 'anthropicApi'
  version: number = 1.0
  
  inputs: INodeParams[] = [
    {
      label: 'Anthropic Api Key',
      name: 'anthropicApiKey',
      type: 'password'
    }
  ]
}
Credential types are loaded from flowise-components/dist/credentials at server startup, similar to how nodes are loaded.

Supported Credential Types

Flowise supports credentials for numerous services:

AI Providers

OpenAI, Anthropic, Google, Azure, Cohere, Hugging Face

Cloud Services

AWS, Azure, Google Cloud, Cloudflare

Databases

Pinecone, Supabase, MongoDB, Postgres, Astra

Search & APIs

SerpAPI, Brave Search, Serper, Tavily

Integrations

Airtable, Notion, GitHub, GitLab, Slack

Custom

MCP Servers, Custom APIs, Webhooks

Credential Lifecycle

Creating Credentials

1

Navigate to Credentials

Access the Credentials section in the Flowise UI
2

Select Type

Choose the credential type matching your service (e.g., “OpenAI API”)
3

Provide Details

Enter required information:
  • Credential name (for your reference)
  • API keys, tokens, or authentication details
  • Optional configuration parameters
4

Save & Encrypt

Credentials are encrypted and stored in the database

Using Credentials in Nodes

When configuring a node that requires authentication:
  1. Node displays a “Connect Credential” dropdown
  2. Select from your saved credentials of compatible types
  3. Credential is linked to the node instance
  4. At runtime, encrypted data is decrypted and injected
// In node configuration
credential: {
  label: 'Connect Credential',
  name: 'credential',
  type: 'credential',
  credentialNames: ['openAIApi', 'azureOpenAIApi'] // Compatible types
}
One credential can be reused across multiple nodes, making it easy to update API keys in one place.

Security Features

Encryption at Rest

Credentials are encrypted before storage:
  • Algorithm: Industry-standard encryption
  • Storage: Only encrypted data is persisted to the database
  • Decryption: Happens only at runtime when needed
Never commit the encryption key to version control. Store it securely as an environment variable.

Workspace Isolation

Credentials are scoped to workspaces:
  • Each credential belongs to a specific workspace
  • Users can only access credentials in their workspace
  • Prevents credential leakage between teams or projects

Flow Data Separation

Credentials are NOT included in flow exports: 
// Flow data structure
{
  "nodes": [
    {
      "id": "node_123",
      "data": {
        "inputs": {
          "model": "gpt-4",
          "temperature": 0.7
        },
        "credential": "FLOWISE_CREDENTIAL_ID" // Only ID, not actual values
      }
    }
  ]
}
When importing flows, you must reconnect credentials manually.

Credential Management

Updating Credentials

To update an existing credential:
  1. Navigate to the credential in the UI
  2. Edit the encrypted fields
  3. Save changes
  4. All nodes using this credential automatically use the updated values
No need to update individual nodes when rotating API keys - just update the credential once.

Deleting Credentials

Deleting a credential that’s in use will break associated nodes. Flowise may show warnings if credentials are referenced by active chatflows.
Before deletion:
  1. Check which chatflows use the credential
  2. Update or remove those references
  3. Then safely delete the credential

Credential Icons

Credentials inherit icons from their associated nodes: 
// During node initialization
if (newNodeInstance.credential) {
  for (const credName of newNodeInstance.credential.credentialNames) {
    this.credentialIconPath[credName] = nodeIconAbsolutePath
  }
}

// During credential initialization
newCredInstance.icon = this.credentialIconPath[newCredInstance.name] ?? ''
This provides visual consistency in the UI.

Advanced Features

Multi-Field Credentials

Some credentials require multiple values: 
inputs: [
  {
    label: 'AWS Access Key ID',
    name: 'accessKeyId',
    type: 'password'
  },
  {
    label: 'AWS Secret Access Key',
    name: 'secretAccessKey',
    type: 'password'
  },
  {
    label: 'AWS Region',
    name: 'region',
    type: 'string',
    default: 'us-east-1'
  }
]

OAuth Credentials

For services requiring OAuth flows:
  1. Credential type includes OAuth endpoints
  2. User initiates authentication flow
  3. Access and refresh tokens are stored encrypted
  4. Tokens are automatically refreshed when expired

Conditional Credentials

Some nodes accept multiple credential types: 
credentialNames: ['openAIApi', 'azureOpenAIApi', 'openRouterApi']
Users choose which type to use based on their provider.

API Integration

Credential Request Flow

When creating via API: 
interface ICredentialReqBody {
  name: string                    // Display name
  credentialName: string          // Type (e.g., "anthropicApi")
  plainDataObj: ICredentialDataDecrypted // Unencrypted values
  workspaceId: string
}
Server encrypts plainDataObj before storage.

Credential Response

When retrieved (for editing): 
interface ICredentialReturnResponse extends ICredential {
  plainDataObj: ICredentialDataDecrypted // Decrypted for display
}
Decrypted credentials are only returned to authorized users and should never be logged or transmitted insecurely.

Best Practices

Security Best Practices
  • Use unique credentials for each environment (dev, staging, prod)
  • Rotate API keys regularly
  • Use least-privilege access (API keys with minimal required permissions)
  • Monitor credential usage through analytics
  • Delete unused credentials to reduce attack surface
Organization Best Practices
  • Use descriptive names: “Production OpenAI Key” vs “OpenAI 1”
  • Document credential purpose in the name or a comment system
  • Create separate credentials for different projects/teams
  • Audit credential usage periodically

Credential Types Reference

Common Credential Types

OpenAI API (openAIApi)
  • OpenAI API Key
  • Optional: Organization ID
Anthropic API (anthropicApi)
  • Anthropic API Key
Google Generative AI (googleGenerativeAI)
  • Google API Key
Pinecone (pineconeApi)
  • Pinecone API Key
  • Environment (deprecated in newer versions)
Supabase (supabaseApi)
  • Supabase URL
  • Supabase API Key
AWS (awsCredential)
  • Access Key ID
  • Secret Access Key
  • Region
MCP Server (mcpServer)
  • Server configuration (command, args, env)

Testing Credentials

While Flowise doesn’t have built-in credential testing, you can verify credentials by:
  1. Creating a simple test chatflow
  2. Using the credential in a basic node
  3. Running a test query
  4. Checking for authentication errors

Troubleshooting

Credential Not Appearing in Dropdown
  • Ensure credential type matches node’s credentialNames
  • Check that credential was saved successfully
  • Verify workspace permissions
Authentication Errors at Runtime
  • Verify API key is correct and active
  • Check API key permissions/scopes
  • Confirm service is not experiencing outages
  • Review rate limits and quotas
Credential Lost After Import
  • Credentials are not included in exports (security feature)
  • Manually recreate credentials in the target environment
  • Reconnect credentials to imported nodes
  • Nodes - Using credentials in node configurations
  • Chatflows - Building workflows with authenticated nodes
  • Agentflows - Using credentials in autonomous workflows

Build docs developers (and LLMs) love

Get started for freeTalk to us