ScopeHold
Security settingsBrowse

Start

Quick startCore concepts

Setup

Billing accounts, workspaces, and projectsProviders and secrets

Access

Members and agentsAccess rules

Security

Security settingsAudit log

Account

Billing and plans

Reference

TroubleshootingGlossary

Security

Security settings

Use MFA before human reveal and agent key expiry defaults to reduce credential exposure without slowing normal work.

Updated May 22, 2026

Workspace security settings apply to the workspace and can be overridden by project settings where the product supports project-specific controls.

MFA before human reveal

When MFA before reveal is required, a human must verify with their authenticator before the UI reveals a secret value. This is separate from normal sign-in and does not apply to agent API resolution.

Agent key expiry

Agent key expiry controls how long active Agent Keys remain valid. When an expiry setting is changed, the new expiry period starts from the time the setting is saved.

  • Use shorter expiry for sensitive production workflows.
  • Use longer expiry only where key rotation would create operational noise.
  • Rotate or revoke Agent Keys when an agent workflow changes ownership or environment.
PreviousAccess rulesNextAudit log