General Inputgeni credential list
List the operator's connected credentials, including the env var names that get set when each is declared on a tool call.
geni credential list [flags]Lists every credential the operator owns or has been granted access to via org sharing. Each entry includes the credential's envVars (exact bash env var names) and fields (per-field secret/non-secret breakdown) so the agent knows what geni exec bash will inject.
No plaintext secret values are returned. Secret values only flow through env-var injection inside the subprocess at execution time.
Synopsis
geni credential list # all credentials
geni credential list --service slack # filter by service
geni credential list --mine # owned by you only (exclude shared)
geni credential list -q "personal" # ranked search
geni credential list --json| Flag | Notes |
|---|---|
--service <slug> | Filter to one service (slack, github, salesforce, etc.). |
--mine | Owned by you only, exclude shared. |
-q, --query <text> | Search across service, title, and provider name. |
--json | Machine-readable output. Includes envVars + fields. |
Output (default)
ID SERVICE TITLE
cred_01HX… slack Slack, Acme prod
cred_01HY… github GitHub, personal
cred_01HZ… openai OpenAI keyFor env var names, OAuth scopes, or the full credential record use geni credential get <id> (or --field <path> / --json).
Output (--json, one credential)
{
"id": "cred_01HX…",
"service": "slack",
"title": "Slack, Acme prod",
"credentialType": "oauth2",
"provider": "Slack",
"envVars": ["SLACK_ACCESS_TOKEN_01HX…", "SLACK_BOT_TOKEN"],
"fields": {
"accessToken": { "isSecret": true }
},
"grantedScopes": ["chat:write", "channels:read", "..."]
}The envVars list is the authoritative source of names geni exec bash will set when this credential is declared. Read it directly, don't derive from the service slug.
Exit codes
| Code | Meaning |
|---|---|
0 | Returned (possibly empty) |
78 | Runner session missing or expired |
125 | Network or server error |