Per-user encrypted integrations: how we keep tool credentials safe

Every operator brings their own Gmail, GoHighLevel, Resend, and Sheets credentials. Here is how we encrypt, scope, and rotate them.

2026-04-16 · 5 min read · GO Pilot GO Team

An agent that cannot send email, update a CRM, or write to a spreadsheet is a parlor trick. Real work happens through integrations. Real integrations require credentials. And credentials, mishandled, are how platforms get breached.

GO Pilot GO uses per-user encrypted integrations. That means: each operator connects their own Gmail, GoHighLevel, Resend, or Google Sheets account. Tokens are encrypted at rest with envelope encryption, scoped to the user, and never shared across workspaces. OAuth flows use short-lived access tokens with refresh rotation. API keys are stored in our secrets vault and never exposed in plaintext to the agent runtime.

When an agent runs, the runtime decrypts the credentials inside an isolated worker, makes the tool call, and disposes of the plaintext immediately. Logs never contain credentials. Event streams never contain credentials. If you revoke a connection in your settings, the very next agent run cannot use it.

We also support BYO API keys for services without OAuth (Resend, generic HTTP, custom REST). Those keys live in the same encrypted store and get the same treatment.

This is not the most glamorous engineering work, but it is the work that decides whether you can trust an agent platform with production access.