Open Connector
Security

Security

Encryption, audit trail, and threat model details.

Open Connector exists to keep credentials out of your agents. Everything in this section explains how that guarantee is enforced: how tokens are encrypted at rest, how every credential use is recorded in a tamper-evident journal, and how to migrate an existing Composio setup without exposing secrets.

In this section

The threat model in one line

Your raw tokens never leave your infrastructure. Agents authenticate with a scoped x-api-key; Open Connector resolves the real credential from an encrypted vault, calls the upstream API on the agent's behalf, and returns only the scoped response — never the credential itself.

The encryption key (CONNECTOR_ENCRYPTION_KEY) lives only in your server process. Even with direct database access, stored credentials are unreadable without it.

On this page