Credentials & Auth

Tack can use credentials for three things: talking to LLM providers, publishing GitHub PR workflow branches, and creating remote sandboxes. Credentials managed by Tack are stored in ~/.config/tack/credentials.yaml and managed through tack setup, tack init, or tack auth.

The Credential Store

Credentials live at ~/.config/tack/credentials.yaml, separate from project config. This keeps secrets out of your repository.

The file has three sections:

providers:
  anthropic:
    type: api_key
    api_key: "sk-ant-..."

  openai-codex:
    type: oauth
    access_token: "..."
    refresh_token: "..."
    expires_at: 1745000000

git:
  type: pat
  host: github.com
  token: "ghp_..."

sandbox:
  daytona:
    type: api_key
    api_key: "dtc_..."

Credential Value Formats

Every credential value accepts three formats:

Format	Example	When to Use
Literal value	`"sk-ant-..."`	Secrets stored directly in the file
Environment variable name	`ANTHROPIC_API_KEY`	Reads from your shell environment
Shell command lookup	`!op read op://vault/item`	1Password, vault, or other secret managers

Tack tries the value as-is first. If it looks like an environment variable name and the literal value fails, Tack checks os.Getenv(). The !command prefix runs the rest as a shell command and uses the output.

Adding Credentials

Interactive

tack setup configures global provider/auth bindings. tack init may request project credentials when a project override needs a missing credential. Both validate the selected combination.

For individual credentials:

tack auth add anthropic
tack auth add openai-codex
tack auth add github
tack auth add daytona

Each command prompts you for the appropriate fields based on the provider type.

API Key Providers

For providers that use simple API keys:

tack auth add anthropic
# Prompts for: API key

Supported API key providers: anthropic, openai, gemini, groq, mistral, xai

OAuth Providers

For providers that support multiple auth modes (currently openai-codex):

tack auth add openai-codex
# Prompts for API key or OAuth
# OAuth stores access_token, refresh_token, and expires_at

If you choose OAuth, Tack handles token refresh automatically when credentials are used.

GitHub PR Credentials

GitHub credentials are needed when the selected blueprint creates PRs:

tack auth add github
# Prompts for: host (github.com), token

Tack validates GitHub API push permission before executing PR workflows. PR creation for non-GitHub remotes is outside this release scope and is reported as unsupported.

Sandbox Credentials

For Daytona remote sandboxes:

tack auth add daytona
# Prompts for: API key

Remote Daytona sandboxes also need a daemon callback URL that is reachable from the sandbox. Set this in your user config:

daemon:
  external_url: https://your-reachable-daemon-url.example.com

Use any URL that the remote sandbox can reach, such as a public daemon endpoint, Tailscale Funnel, Cloudflare Tunnel, or ngrok. Local sandboxes do not need daemon.external_url.

Managing Credentials

tack auth list              # Show all configured providers (masks secret values)
tack auth test anthropic    # Check that a credential resolves from the store
tack auth remove openai     # Remove a provider's credentials

tack auth test currently checks that Tack can resolve the stored credential and prints a masked summary. It does not yet make a full remote validation call.

Authentication Modes

How credentials get from the store into the running agent depends on your runtime_auth configuration:

Native Mode

runtime_auth:
  mode: native

The agent runtime uses its own authentication. Tack does not inject credentials. You need to have the appropriate environment variables set (e.g., ANTHROPIC_API_KEY) wherever the agent runs.

Native mode applies when the selected runtime can access its own credentials in the execution environment. Remote sandboxes do not automatically receive your local shell credentials.

Tack Mode

runtime_auth:
  mode: tack
  runtime: pi
  provider: anthropic
  method: api_key
  credential_ref: anthropic

Tack reads the credential from its store and injects it into the sandbox environment before the agent starts.

credential_ref maps to the provider key in credentials.yaml. In the example above, Tack reads providers.anthropic and sets the appropriate environment variable.

Multi-Provider Setup

You can configure multiple providers and switch between them:

# In .tack/config.yaml
agents:
  runtime: pi
  pi:
    provider: openai-codex

runtime_auth:
  mode: tack
  runtime: pi
  provider: openai-codex
  method: oauth
  credential_ref: openai-codex

models:
  default: gpt-5.4
  planner: gpt-5.4
  agent: gpt-5.4
  small_tasks: gpt-5.4-mini

Switch to Anthropic by changing the runtime config and credential ref:

agents:
  runtime: pi
  pi:
    provider: anthropic

runtime_auth:
  mode: tack
  runtime: pi
  provider: anthropic
  method: api_key
  credential_ref: anthropic

models:
  default: claude-opus-4-1
  planner: claude-opus-4-1
  agent: claude-opus-4-1
  small_tasks: claude-sonnet-4-6

No changes to the credentials file are needed — both providers can coexist there.

Security Notes

~/.config/tack/credentials.yaml should have 600 permissions (readable only by you)
tack init sets appropriate file permissions automatically
Never commit credentials.yaml to version control
Use environment variable references or !command lookups if you prefer not to store literal secrets on disk
The .tack/ directory in your repo is gitignored for database and runtime artifacts, but config.yaml is intentionally committable — do not put secrets in .tack/config.yaml

Credentials & Auth

On this page