> ## Documentation Index
> Fetch the complete documentation index at: https://docs.meshagent.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Secrets and Credentials

> User and service-account secrets in MeshAgent.

MeshAgent secrets use a user-owned and service-account-owned model.

Secret APIs are scoped to:

* the authenticated user, for credentials the user owns and manages
* a service account, for credentials used by services that run as that account

Secrets can carry metadata and annotations for search and credential context. Runtime services should use service-account identity (`container.run_as`) and service-account permissions rather than project-level secret references.

## Runtime Use

Services that need secrets should run as a service account. Secret access is authorized through that service account and, for proxy-only credentials, through per-secret proxy grants.

Credentials that should not be retrieved directly can be used through HTTP/MCP proxy flows.

## Related Guides

* [User Secrets](./user_secrets)
* [Service Account Secrets](./service_account_secrets)
* [HTTP Secret Proxy](./http_proxy)
* [MCP Secret Proxy](./mcp_proxy)
* [Image Pull Secrets](./image_pull_secrets)
* [OAuth Credential Storage](./oauth_flows)
