Configuring credentials and tokens requires a Workspace admin (platform admins also have access). You set them up through the Console so Acrity can read changes, publish review results, and integrate with work management providers.

Where to configure

| Need | Console location | When to use |
| --- | --- | --- |
| OAuth or GitHub App | Connected Apps | Recommended flow for GitHub, GitLab, Bitbucket, Azure DevOps, Jira, Linear, and ClickUp when the provider supports delegated authorization |
| Manual credential | Credentials | Tokens or credentials created outside the OAuth flow |
| Private/on-prem VCS | Connectors | When the VCS is on a private network or when the VCS token must remain in the customer’s environment |
| Programmatic API use | API Keys | Internal integrations, automations, and MCP |
| Outbound webhooks | Webhooks | Sending Acrity events to external systems |

How secrets are stored

Credential secrets, OAuth tokens, and sensitive overrides are stored encrypted in the database with AES-256-GCM. API key data uses a different model: the complete key is shown once and Acrity stores only an HMAC-SHA-256 hash with pepper for verification. Connector tokens follow the one-time display principle. The complete token appears at creation or rotation time; after that, Acrity keeps a SHA-256 hash for verification, not reusable plaintext.
Copy one-time displayed secrets to your company’s secrets vault. Acrity does not show the complete value again.
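
The one-time-display model described above, sketched as an added example that is not Acrity's code: the secret is returned once at creation or rotation, and only a digest is kept for verification. The key format, function names, in-memory store, and the way the pepper is held are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: the pepper is a server-side secret kept outside the database
# (for example in a KMS). Constructed at random here for the demo.
PEPPER = secrets.token_bytes(32)

def api_key_digest(plaintext: str, pepper: bytes) -> str:
    """HMAC-SHA-256 of the API key, keyed with the pepper."""
    return hmac.new(pepper, plaintext.encode(), hashlib.sha256).hexdigest()

def issue_api_key(pepper: bytes) -> tuple[str, str]:
    """Return (plaintext to display once, hex digest to persist)."""
    plaintext = "key_" + secrets.token_urlsafe(32)  # hypothetical key format
    return plaintext, api_key_digest(plaintext, pepper)

def verify_api_key(presented: str, stored_digest: str, pepper: bytes) -> bool:
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(api_key_digest(presented, pepper), stored_digest)

def connector_token_digest(token: str) -> str:
    """Plain SHA-256, the verification hash the page names for connector tokens."""
    return hashlib.sha256(token.encode()).hexdigest()

def rotate_api_key(store: dict, key_id: str, pepper: bytes) -> str:
    """Overwrite the stored digest; the previous key no longer verifies."""
    plaintext, digest = issue_api_key(pepper)
    store[key_id] = digest
    return plaintext  # the only moment the full value exists server-side

def demo() -> dict:
    store = {}  # stands in for the database: digests only, never plaintext
    old = rotate_api_key(store, "ci-bot", PEPPER)
    ok_before = verify_api_key(old, store["ci-bot"], PEPPER)
    new = rotate_api_key(store, "ci-bot", PEPPER)
    return {
        "old_valid_before_rotation": ok_before,
        "old_valid_after_rotation": verify_api_key(old, store["ci-bot"], PEPPER),
        "new_valid": verify_api_key(new, store["ci-bot"], PEPPER),
        "wrong_pepper_valid": verify_api_key(new, store["ci-bot"], b"\x00" * 32),
        "plaintext_in_store": new in store.values(),
    }

if __name__ == "__main__":
    print(demo())
```

Because the stored value cannot be reversed into the key, a lost key can only be replaced by rotation, which is why the displayed value has to go into a secrets vault at creation time.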

Connected Apps

Use Connected Apps when you want a guided authorization flow. This flow reduces manual error, enables reauthorization in the Console, and shows when the installation needs new permission.

Recommended flow:
  1. Open the workspace. Select the correct workspace in the Console.
  2. Go to Connected Apps. Choose the provider and start installation or authorization.
  3. Grant permissions in the provider. Confirm the authorized organization, account, repositories, or projects.
  4. Link to repositories. Return to the Console and connect repositories or link the PM integration in the repository detail page.

Manual credentials

Use Credentials when the provider requires a manual token, when the organization already has dedicated credentials, or when an OAuth flow is not appropriate.

When creating a credential:
  1. Choose the provider.
  2. Choose a name that helps with auditing, such as github-app-prod or jira-service-account.
  3. Fill in the fields required by the provider.
  4. Validate the credential before linking it to repositories.
  5. Use the credential only in repositories that need it.

Connectors

Use Connectors when the VCS is on a private network or when internal policy requires the VCS token to remain in the customer’s environment. The connector is installed in the customer’s infrastructure and maintains the required bridge with Acrity. In the Console, a Workspace admin creates the connector, chooses the provider, downloads the installation artifact, and copies the one-time displayed secrets. The connector page shows status, heartbeat, discovered repositories, and rotation actions.

Rotation

Rotate secrets when:
  • a person with access to the secret leaves the team;
  • a token was copied to an unsafe location;
  • the provider requires renewal;
  • an integration stops being used;
  • internal policy defines a periodic cycle.
After rotating, validate the credential or connector and track the status of linked repositories.