botauth
Use botauth to securely retrieve API keys, tokens, and credentials from the
user's botauth vault. The desktop app must be running, the vault must be
unlocked, and every list, search, and get request can trigger an approval
prompt.
When to use
- - You need an API key, token, or password to complete a task
- The user asks you to use credentials that already exist in botauth
- You need to fill a
.env file or config from the user's vault
Do not save new secrets unless the user explicitly asks. botauth add opens a
desktop flow for the user to fill in the credential.
Prerequisites
- -
botauth must be installed and available on �INLINECODE7 - The botauth desktop app must be running
- The vault must be unlocked
- Run
botauth status first
Core commands
Check connection
CODEBLOCK0
Search or list secrets
CODEBLOCK1
Retrieve a secret in two steps
First get metadata:
CODEBLOCK2
Then fetch the sensitive fields:
CODEBLOCK3
Reuse --access-key inside the same workflow when possible to avoid redundant
approval prompts.
Ask the user to create a secret
CODEBLOCK4
Typical workflow
CODEBLOCK5
JSON output
Use --json for machine-readable output:
CODEBLOCK6
Important notes
- -
list, search, get, and add may show approval prompts in the desktop app - Sensitive values only come back from �INLINECODE15
- Access keys are short-lived; reuse them during a single task, then discard them
- If
botauth status fails, ask the user to launch or unlock the desktop app
botauth
使用 botauth 可从用户的 botauth 保管库中安全检索 API 密钥、令牌和凭据。桌面应用必须正在运行,保管库必须已解锁,且每次 list、search 和 get 请求都可能触发审批提示。
使用场景
- - 你需要 API 密钥、令牌或密码来完成某项任务
- 用户要求你使用 botauth 中已存在的凭据
- 你需要从用户的保管库中填充 .env 文件或配置
除非用户明确要求,否则不要保存新的密钥。botauth add 会打开桌面流程供用户填写凭据。
前置条件
- - botauth 必须已安装且位于 PATH 中
- botauth 桌面应用必须正在运行
- 保管库必须已解锁
- 首先运行 botauth status
核心命令
检查连接
bash
botauth status
搜索或列出密钥
bash
botauth search openai
botauth search github --provider github
botauth list
botauth list --provider github
botauth list --tags dev,production
分两步检索密钥
首先获取元数据:
bash
botauth get OpenAI API Key
botauth get --id
然后获取敏感字段:
bash
botauth get --id --fields api_key
botauth get --id --fields apikey,clientsecret --access-key
在同一工作流中尽可能复用 --access-key,以避免重复的审批提示。
要求用户创建密钥
bash
botauth add
botauth add --app openai --secret-name Production Key
典型工作流
bash
botauth status
botauth search openai
botauth get OpenAI API Key
botauth get --id --fields api_key --access-key
export OPENAIAPIKEY=
JSON 输出
使用 --json 获取机器可读的输出:
bash
botauth search github --json
botauth get --id --fields token --json
重要说明
- - list、search、get 和 add 可能会在桌面应用中显示审批提示
- 敏感值仅通过 get --fields 返回
- 访问密钥有效期短;在单个任务中复用,然后丢弃
- 如果 botauth status 失败,请要求用户启动或解锁桌面应用
