Quick startBrowse

Start

Quick start

Set up your first workspace, project, provider, secret, member, and agent without turning ScopeHold into a policy exercise.

Updated May 23, 2026

ScopeHold is a low-friction secrets layer for human-plus-agent teams. The core workflow is simple: paste a secret once, assign it to the right scope, grant the right humans or agents access, and let the audit log explain what happened later.

First setup

  1. 1Create or open a workspaceA workspace is the top-level operational boundary. It contains projects, providers, secrets, members, agents, and audit history.
  2. 2Create a projectProjects keep operational work separated inside the workspace. Project-scoped resources are not visible to sibling projects unless they are assigned from the workspace.
  3. 3Add a providerA provider is the named external system namespace, such as Supabase, GitHub, Stripe, Cloudflare, or a generic provider.
  4. 4Create a secretA secret is an encrypted credential under a provider. Add a clear name, optional description, and the credential value.
  5. 5Grant accessAssign the secret to projects where needed, then grant direct access to the specific members or agents that should reveal or resolve it.
  6. 6Onboard an agentCreate an agent provisioning prompt. The prompt supports the recommended ScopeHold CLI path and a complete API-only fallback, and it points agents to optional ScopeHold Agent Guidance for their runtime.
  7. 7Review the audit logUse the audit log to confirm who created, changed, revealed, resolved, archived, or attempted to access sensitive resources.

Set up a real operational workflow: add a provider, store a credential, create or select a named agent, grant the access it needs, resolve the credential at runtime, and confirm the audit entry. Add a member when you also want a human reveal path in the same project.

Quick start | ScopeHold Docs