SDK usage

Programmatic usage

Each SDK exposes the same core operations as a library, so you can integrate credential governance directly into your application code.

import {
  initVault,
  unlockVault,
  createPassport,
  listPassports,
  accessCredential,
  detectCredentials,
} from '@id-wispera/core';

// Initialize a new vault (first time only)
const vault = await initVault('my-secure-passphrase');

// Or unlock an existing vault
// const vault = await unlockVault('my-secure-passphrase');

// Scan text for credentials
const detections = detectCredentials('OPENAI_API_KEY=sk-proj-abc123...');
console.log(`Found ${detections.length} credential(s)`);

// Create a passport for a detected credential
const passport = await createPassport(vault, {
  name: 'OpenAI Production Key',
  agentId: 'my-agent',
  credentialType: 'api-key',
  credentialValue: 'sk-proj-abc123...',
  visaType: 'api-access',
  platforms: ['openai'],
  scope: ['chat.completions', 'embeddings'],
  humanOwner: 'you@company.com',
  tags: ['production', 'openai'],
  notes: 'Production API key for the summarization agent',
});

console.log(`Created passport: ${passport.id}`);

// List all active passports
const passports = await listPassports(vault, { status: 'active' });
for (const p of passports) {
  console.log(`${p.name} [${p.status}] - ${p.credentialType}`);
}

// Access a credential (logs the access in the audit trail)
const apiKey = await accessCredential(
  vault,
  passport.id,
  'my-agent',       // actor
  'openai',         // platform
  'chat-completion' // purpose
);

Viewing credentials

List all passports in your vault:

idw list

Filter by status, platform, or tags:

idw list --status active
idw list --platform openai
idw list --tags "source:.env"

Inspect a specific passport by ID:

idw show <id>

To reveal the actual credential value (requires vault passphrase):

idw show <id> --reveal

Audit trail

Every action in ID Wispera is logged: creation, access, modification, revocation, sharing, and delegation. View the full audit trail:

idw audit

See the Audit log page for details on compliance support, export formats, and incident response procedures.

Command reference

Action	TypeScript	Python	Go
Init vault	`idw init`	`idw-py init`	`idw init`
Scan directory	`idw scan [path]`	`idw-py scan [path]`	`idw scan [path]`
Scan system	`idw scan --system`	`idw-py scan --system`	`idw scan --system`
Import all	`idw import <path> --all`	`idw-py import <path> --all`	`idw import <path> --all`
Import by confidence	`idw import <path> --min-confidence 0.9`	`idw-py import <path> --min-confidence 0.9`	`idw import <path> --min-confidence 0.9`
Import file	`idw import <file>`	`idw-py import <file>`	`idw import <file>`
Import OpenClaw	`idw import --format openclaw`	—	—
List passports	`idw list`	`idw-py list`	`idw list`
Show passport	`idw show <id>`	`idw-py show <id>`	`idw show <id>`
Show with secret	`idw show <id> --reveal`	`idw-py show <id> --reveal`	`idw show <id> --reveal`
Revoke passport	`idw revoke <id>`	`idw-py revoke <id>`	`idw revoke <id>`
Create (stdin)	`echo "sk-..." \| idw create --name "Key" --stdin`	`echo "sk-..." \| idw-py create --name "Key" --stdin`	`echo "sk-..." \| idw create --name "Key" --stdin`
Audit log	`idw audit`	`idw-py audit`	`idw audit`
Exec (inject creds)	`idw exec -p <ref> -- <cmd>`	`idw-py exec -p <ref> -- <cmd>`	`idw exec -p <ref> -- <cmd>`
Auth login	`idw auth login`	`idw-py auth login`	`idw auth login`
Auth logout	`idw auth logout`	`idw-py auth logout`	`idw auth logout`
Auth status	`idw auth status`	`idw-py auth status`	`idw auth status`
Create session token	`idw auth token create`	`idw-py auth token create`	`idw auth token create`
List session tokens	`idw auth token list`	`idw-py auth token list`	`idw auth token list`
Revoke session token	`idw auth token revoke <hash>`	`idw-py auth token revoke <hash>`	`idw auth token revoke <hash>`
Bootstrap admin keys	`idw auth bootstrap`	`idw-py auth bootstrap`	`idw auth bootstrap`

Framework integrations

Each SDK includes integration providers that give AI agent frameworks governed credential access.

Integration	TypeScript	Python	Go
Base Provider	`WisperaCredentialProvider`	`WisperaBaseProvider`	`CredentialProvider`
OpenAI Agents SDK	Yes	Yes	Yes
Google A2A Protocol	Yes	Yes	Yes
Slack	Yes	Yes	Yes
LangChain	Yes	Yes (existing)	N/A
CrewAI	N/A	Yes (existing)	N/A

All providers support in-memory credential caching, audit logging, and platform filtering. See the Framework integrations guide for full details.

Next steps

Credential injection

Use idw exec to inject vault credentials into subprocesses as environment variables.

Framework integrations

Connect AI agent frameworks to governed credentials in the vault.

Passport model

Understand the data model behind credential governance.

MCP integration

Connect ID Wispera to AI agents via the Model Context Protocol.

Getting started

Core concepts

Feature guides

Integrations

Testing & contributing

Security & compliance

Programmatic usage

Viewing credentials

Audit trail

Command reference

Framework integrations

Next steps

Credential injection

Framework integrations

Passport model

MCP integration

Getting started

Core concepts

Feature guides

Integrations

Testing & contributing

Security & compliance

​Programmatic usage

​Viewing credentials

​Audit trail

​Command reference

​Framework integrations

​Next steps

Credential injection

Framework integrations

Passport model

MCP integration

Programmatic usage

Viewing credentials

Audit trail

Command reference

Framework integrations

Next steps