Skip to main content
Password credentials store a username, password, and optional 2FA configuration. Reference them from Login blocks in your workflows, and Skyvern handles the entire sign-in flow, including entering 2FA codes.

Creating a password credential

Use the POST /v1/credentials endpoint to create a password credential: 
from skyvern import Skyvern

skyvern = Skyvern(api_key="YOUR_API_KEY")

credential = await skyvern.create_credential(
    name="Salesforce Production",
    credential_type="password",
    credential={
        "username": "[email protected]",
        "password": "securepassword123",
        "totp": "JBSWY3DPEHPK3PXP",  # Optional TOTP secret
        "totp_type": "authenticator",  # or "email", "text", "none"
        "totp_identifier": "[email protected]"  # Optional: email or phone
    }
)

print(f"Created credential: {credential.credential_id}")
# Output: Created credential: cred_1234567890
Response: 
{
  "credential_id": "cred_1234567890",
  "name": "Salesforce Production",
  "credential_type": "password",
  "credential": {
    "username": "[email protected]",
    "totp_type": "authenticator",
    "totp_identifier": "[email protected]"
  },
  "browser_profile_id": null,
  "tested_url": null
}
The API response never includes sensitive fields like password or totp secret. Only non-sensitive metadata is returned.

Adding two-factor authentication

If the site requires 2FA, configure the totp_type field. Three options:
Methodtotp_typeHow it works
Authenticator App"authenticator"Paste the TOTP secret key in the totp field. Skyvern generates codes locally on demand. Fully automated with no delay. Preferred when the site supports it.
Email"email"Provide the email address in totp_identifier. Skyvern waits for you to push the code via the TOTP API.
Text Message"text"Provide the phone number in totp_identifier. Same push-based flow as Email.
Authenticator App is always the best option when available. Email and Text require either manual code entry or setting up automatic forwarding.
The secret key is the base32-encoded string behind the QR code you’d scan in an authenticator app. Most password managers let you view it:
  • Bitwarden: Edit the login → TOTP field → copy the key
  • 1Password: Edit the login → One-Time Password → copy the secret
  • LastPass: Edit the login → Advanced Settings → copy the TOTP secret
  • Site settings: Many sites show a “Can’t scan?” link during 2FA setup that reveals the text key
If you only have a QR code, decode it to extract the secret= parameter from the otpauth://totp/...?secret=BASE32KEY URI.

Using credentials in a workflow

In the Login block configuration, pass the credential_id as a parameter. Skyvern fills in the username and password automatically, and handles 2FA if configured. See the Workflow Parameters documentation for details on credential parameters.

Listing credentials

Retrieve all credentials for your organization: 
credentials = await skyvern.list_credentials()

for cred in credentials:
    print(f"{cred.name} ({cred.credential_id})")

Getting a specific credential

Retrieve credential metadata by ID: 
credential = await skyvern.get_credential(credential_id="cred_1234567890")

print(f"Username: {credential.credential.username}")
print(f"2FA Type: {credential.credential.totp_type}")

Updating credentials

To update a credential’s sensitive data (username, password, TOTP secret), use the update endpoint: 
updated = await skyvern.update_credential(
    credential_id="cred_1234567890",
    name="Salesforce Production",
    credential_type="password",
    credential={
        "username": "[email protected]",
        "password": "newsecurepassword123",
        "totp": "NEWJBSWY3DPEHPK3PXP",
        "totp_type": "authenticator"
    }
)
For security, saved passwords and secrets are never retrieved, so you must re-enter all sensitive fields when updating.

Deleting credentials

Delete a credential permanently: 
await skyvern.delete_credential(credential_id="cred_1234567890")
Deletion is permanent and cannot be undone. If a workflow references a deleted credential, the run will fail.

TOTP / 2FA Setup

Push verification codes and manage 2FA for Email and Text methods

Test Credentials

Test credentials with automated login flows

Build docs developers (and LLMs) love

Get started for freeTalk to us