Step-by-step guides for common secretless-ai workflows. Each guide takes 2-5 minutes and includes expected output so you know it worked.
| Guide | Scenario | Time |
|---|---|---|
| Protect My Credentials | Keep API keys out of AI tools | 2 min |
| Secure MCP Configs | Encrypt credentials in MCP server configurations | 3 min |
| Bring Your Own Vault | Point Secretless at HashiCorp Vault, GCP SM, or 1Password | 3 min |
| Run the Broker | Policy-gated credential daemon for multi-agent runtimes | 3 min |
| Team Setup | Set up secretless for a team with shared backend | 5 min |
| Migrate from .env | Move from .env files to secure storage | 3 min |
- Solo developer, first time: Start with Protect My Credentials. One command, immediate protection.
- Using MCP servers: Go to Secure MCP Configs. MCP server configs store plaintext API keys in JSON files that AI tools can read.
- Already have a vault (HashiCorp / GCP / 1Password): Bring Your Own Vault shows how to point Secretless at it — no AIM required.
- Multiple agents, need policy enforcement: Run the Broker sets up the credential daemon with per-agent rate limits and an audit log.
- Setting up a team: Follow Team Setup to choose a shared backend and configure CI/CD.
- Already using .env files: Migrate from .env moves existing secrets to encrypted storage without changing your workflow.
For the complete command reference, see the README.