Keys
Provider API keys from .env — masked, read-only status view.
Web UI → Keys (System section) shows the credentials the agent runs
with, read straight from <agent home>/.env. It’s a status table, not an
editor — there’s no way to add, edit, or delete a key from this page.
What’s on the page

A table with one row per line in .env (blank lines and # comments are
skipped), columns:
| Column | What it shows |
|---|---|
| NAME | The variable name, e.g. ANTHROPIC_API_KEY |
| STATUS | Green SET or red MISSING, based on whether the value is non-empty |
| VALUE | A masked fingerprint for secrets; the real value verbatim for non-secrets |
| TYPE | SECRET or CONFIG badge |
A variable counts as a secret if its name (case-insensitive) contains
KEY, TOKEN, SECRET, or PASSWORD. Everything else — a model-name
setting, a feature flag stored in .env — is treated as configuration and
shown in full, since it’s not sensitive.
Masking: values over 8 characters show first-4…last-4 (e.g.
sk-a…9f3k); shorter values show a run of bullets. Full secret values
are never sent to the browser.
The page footer names the exact file path it read (d.path from the API
response), so you can confirm it’s looking at the .env you expect.
What it doesn’t do
This page is a read-only view of GET /api/env. There is no matching
write endpoint — you cannot set, rotate, or delete a key from the Keys
page. To change a value, edit .env on disk (or paste it into the raw
Config page if it happens to live in config.yaml
instead) and restart the affected service.
Credential pools are not shown here
The Agents chapter describes a credential pool
feature — multiple keys per provider, automatic rotation, cooldowns on
rate limits — managed entirely through aios credentials add|list|revive
on the CLI, backed by a real API (/api/credentials/pool) that has no
dashboard page wired to it.
This Keys page only ever reflects the single .env key per provider. If
a pool is configured for a provider, the agent may actually be rotating
through several keys behind the scenes — none of that shows up here.
The .env entry’s SET/MISSING status is unaffected either way, since
pool keys and the plain .env key are independent: pool keys take
priority when present, and the .env key remains the fallback.