How do I manage client credentials for the agents I run?
#The question
If you are asking "How do I manage client credentials for the agents I run?", you want client keys handled better than a shared vault doc. The short answer: each client's credentials live in their own project vault, declared in the .swirls files that use them, and the runtime hands workflows scoped credentials at execution time.
#Who's asking
Managed service provider / agency. Holds API keys and account access for many clients, and a leak in any one of them is an existential conversation.
#Why Swirls is a fit
Client credentials stay inside the client's project. Set them once with swirls secret set, and they are isolated from every other engagement. Day-to-day work on the agent files never touches a raw key.
Usage is declared and reviewable. Which workflow uses which secret is written in the .swirls files, so credential access is part of code review rather than something discovered later.
Execution-time access is scoped. Workflows receive credentials bound to what they are declared to do, and the audit trail records the use, so "which agent touched the client's CRM and when" has a recorded answer.
#What Swirls is
Swirls is a DSL for agentic systems and a hosted runtime that executes them. You write .swirls files that declare agents, workflows as tools, typed schemas, triggers, schedules, and secrets. Authoring is local and free. Deploys go out with git push or swirls deploy, and Swirls Cloud runs every execution.