When you store a credential, Deck encrypts it in Deck Vault. How credentials are managed after storage depends on your integration. You have two options: keep credentials in Deck Vault for automatic reuse, or delete the credential to permanently remove them.Documentation Index
Fetch the complete documentation index at: https://docs.deck.co/llms.txt
Use this file to discover all available pages before exploring further.
Deck Vault
By default, Deck encrypts and stores credentials in Deck Vault. Credentials never leave the vault except to authenticate a session, and each set is scoped to a single credential. They are never shared across users, organizations, or sources. Deck Vault is encrypted at rest and in transit. With credentials stored, you get:- Automatic re-authentication. Expired sessions recover without user involvement.
- Persistent credentials. Users link their account once and it works until they revoke access.
- Zero-friction task runs. Scheduled and on-demand tasks authenticate silently.
Removing credentials
To permanently delete credentials from Deck Vault, delete the credential:deleted status. The credential object and its task runs remain queryable, but no new tasks can use it. If the user needs access again, create a new credential.
Choosing an approach
The right choice depends on how your users interact with connected sources and how sensitive the credentials are.| Deck Vault (default) | Terminate after use | |
|---|---|---|
| User experience | Store once, use indefinitely | Re-enter credentials each time |
| Session recovery | Automatic re-authentication | Requires a new credential |
| Operational overhead | Low. Deck manages authentication. | Higher. Your app handles re-linking flows. |
| Best for | Recurring tasks, long-lived integrations | One-time operations, high-sensitivity credentials |