The Credentials API is Steel's secret-injection surface for browser workflows. Instead of handing passwords to prompts or scripts, you store credentials once and let Steel inject them into the page at runtime.
That keeps raw secrets out of logs, transcripts, and most human review paths.
Why it matters
- It reduces secret sprawl in prompts and code.
- It supports namespacing and controlled injection into sessions.
- It pairs naturally with Profiles and session-level approvals.