Integrations
Connect external providers to Orchestrator by storing encrypted credentials — set up, test, and manage connections.
Integrations store the credentials your workflow actions need to connect to external services. Each integration is linked to a specific provider (Skytells, Slack, GitHub, etc.) and encrypts your credentials at rest.
Setting Up an Integration
Open Connections
Click your user avatar → Connections (or open the Integrations panel from the settings menu).
Add a new connection
Click Add Connection and select the provider you want to configure.
Enter credentials
Fill in the required fields for the provider. Each provider requires different credentials:
| Provider | Required Fields |
|---|---|
| Skytells | API Key, Base URL (optional) |
| AI Gateway | API Key |
| fal.ai | API Key |
| Firecrawl | API Key |
| GitHub | Personal Access Token |
| Linear | API Key, Team ID |
| Perplexity | API Key |
| Resend | API Key, From Email |
| Slack | API Token |
| Stripe | Secret Key |
| Clerk | Secret Key |
| Blob | Read/Write Token |
| Webflow | API Key |
| v0 | API Key |
| Superagent | API Key |
For the Skytells integration specifically, you'll enter your Skytells API key — the same key you use for the Predictions API and Inference API.
Test the connection
Click Test to verify the credentials work. The test calls the provider's API to confirm the key is valid.
Save
Click Save. The credentials are encrypted with AES-256-GCM before being stored.
Using Integrations in Workflows
When you add an action node that requires credentials (e.g., a Slack Send Message action), the config panel shows an Integration dropdown. Select the integration connection you want to use.
- Each action node stores a reference to the integration (not the credentials themselves).
- At execution time, credentials are fetched and decrypted only when the step runs.
- Credentials are never logged in execution logs — they're automatically redacted.
Integration Scope
- Integrations are owner-scoped — only you can see and use your integrations.
- You can reuse the same integration connection across multiple workflows and actions.
- When you duplicate a workflow, integration references are removed. You need to re-attach them.
Managing Integrations
From the Connections panel, you can:
- Edit — Update credentials for an existing integration
- Delete — Remove an integration (actions using it will lose their connection)
- Test — Re-verify that credentials are still valid
- Filter by type — Show only integrations for a specific provider
Credential Security
- Credentials are encrypted with AES-256-GCM before database storage
- Storage format:
{iv}:{authTag}:{ciphertext}(hex-encoded) - Encryption key is stored as an environment variable, never in the database
- Credentials are decrypted only at step execution time
- Execution logs automatically redact API keys, authorization headers, and sensitive data
Never put API keys or secrets directly in action config fields (prompts, text inputs, etc.). Always store them through the Integrations system.
Provider-Specific Notes
Skytells
Your Skytells API key is used by Skytells actions (Create Prediction, Generate Text, Create Image, Create Video, Get Prediction, List Text Models). This is different from the Orchestrator API key used for webhook authorization.
GitHub
Use a Personal Access Token with appropriate repository permissions.
Slack
Use a Slack Bot Token with chat:write scope.
Resend
Both the API key and a verified sender email (From Email) are required.
Linear
Both the API key and your team ID are required for issue operations.
Stripe
Use your Secret Key (starts with sk_live_ or sk_test_), not the publishable key.
Next Steps
API Keys
Understand Orchestrator keys vs. Skytells keys.
Actions Catalog
See which actions need which integrations.
Execution & Logs
How credentials are handled during workflow execution.
How is this guide?