Skip to main content
When your vault is connected, you select which credentials TinyFish uses for each run. The AI agent handles navigation and identifies login forms. TinyFish fills in the actual credentials securely, without the agent ever seeing your passwords.

Using the Playground

1

Open the vault selector

Click the lock icon in the playground toolbar.Playground toolbar with vault lock icon in gray state
2

Select credentials

Check the credentials you want to use for the run. Items are grouped by provider and vault name, and you can use Select all or Deselect all.Vault access popover with credentials grouped by provider and checkboxes
3

Run your automation

Write your goal, then click Run. TinyFish handles login during the run when a matching site requires it.Playground with vault icon showing credential count badge and goal filled in
Your credential selections persist across sessions.

Using the API

# Vault credentials support in the Python SDK is coming soon.
# For now, use the cURL example below with:
# POST https://agent.tinyfish.ai/v1/automation/run

Parameters

ParameterTypeRequiredDefaultDescription
use_vaultbooleanNofalseEnable vault credentials for this run
credential_item_idsstring[]Noall enabledScope to specific credential URIs from GET /v1/vault/items. Requires use_vault: true

Domain Matching

Credentials are matched by registered domain. For example, login.linkedin.com and www.linkedin.com are treated as the same site because both resolve to linkedin.com. This follows the same matching convention users expect from password managers. Credentials are not available on unrelated domains. If you have multiple credentials for the same domain, TinyFish uses the ones you selected for that run.

Security

What the AI agent sees

Labels and field names only. Never actual values. The agent tells TinyFish where to type, and TinyFish handles what to type.

What we don’t do

Credentials never appear in agent prompts, run logs, screenshots, or streaming output. We do not rely on visual obfuscation as a security measure.

Credential lifecycle

Credentials are resolved at the browser automation layer, not the AI planning layer. Values exist in memory only for the duration of the input action, then are discarded.

Per-run access

Each run only gets the credentials you explicitly selected. The default is no vault access with use_vault: false.

Encryption

Vault provider tokens are encrypted at rest and never stored in plaintext. You can revoke access by disconnecting the vault or rotating the token.

Limitations

LimitationNotes
MFA / TOTPSupported for time-based codes if the vault item has a TOTP field. Hardware keys and push notifications are not supported
Anti-botSome sites block automated login even with correct credentials. Use stealth mode and a proxy
Account lockoutFailed attempts count against normal lockout policies
OAuth / SSORedirect-based flows may not work for all providers
For sites with bot protection, combine vault credentials with Browser Profiles and Proxies.

Troubleshooting

Add use_vault: true to the request body.
Verify the credential domain matches the target site.
Connect a vault first in Settings → Vault.
Use credential_item_ids to scope the run to the exact credential you want.
Add browser_profile: "stealth" and proxy_config: { enabled: true }.
Connect a vault first in Settings → Vault.

FAQ

No. Values are only accessed at the moment of typing, and the AI agent never sees them.
No. Credentials are not captured in screenshots, streaming output, or logs.
Click Sync in Settings → Vault. The next run uses the updated credential.
TinyFish retries with available credentials for that domain. After multiple failures, the run continues without login.
Runs use the credential state from when they started. Sync before starting a new run.

Connect Your Vault

Set up 1Password or Bitwarden

Runs

Parameters, lifecycle, and result handling

Browser Profiles

Standard and stealth browser behavior