Overview
UseZombie handles three categories of credentials, each with a different injection path and lifecycle. No credential is ever exposed as an environment variable to the executor process.
Anthropic API key
The Anthropic API key powers the agent runtime (Claude). It is stored in your secret manager and deployed to worker machines via the .env file.
| Property | Value |
|---|---|
| Storage | Secret manager vault |
| Injection | .env file on worker machine |
| Scope | Per-worker |
| Rotation | Manual, via secret manager |
| Agent exposure | None — the key is never set in the executor environment. It is passed inside the startStage JSON-RPC payload so the executor can make API calls on behalf of the agent without leaking the key to agent code. |
GitHub App installation token
The UseZombie GitHub App is installed on target repositories. The worker requests short-lived installation tokens scoped to the specific repository for each run.
| Property | Value |
|---|---|
| Storage | GitHub App private key in secret manager vault |
| Injection | Worker signs a JWT using the private key at runtime |
| Scope | Per-repository, per-run |
| TTL | 1 hour (GitHub default) |
| Auto-refresh | Worker refreshes at 55 minutes if the run is still active |
| Permissions | Contents (read/write), Pull requests (read/write), Metadata (read) |
- Run is claimed by a worker.
- Worker signs a JWT using the GitHub App private key.
- Worker exchanges the JWT for an installation token scoped to the target repo.
- Token is used for clone, push, and PR creation.
- If the run exceeds 55 minutes, the worker requests a fresh token.
- Token expires naturally after 1 hour if not refreshed.
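The lifecycle above, sketched as an added example (not UseZombie's own code). `RunTokenSource` and the `mint` callable are hypothetical names; `mint` stands in for signing the App JWT and calling GitHub's `POST /app/installations/{installation_id}/access_tokens` endpoint, whose request body shape is used here.

```python
import time
from typing import Callable, Optional, Tuple

REFRESH_AT_S = 55 * 60  # refresh point from the table above; the token TTL is 1 hour

def app_jwt_claims(app_id: str, now: int) -> dict:
    """Claims for the App JWT the worker signs (RS256) with the private key."""
    # GitHub rejects App JWTs valid for more than 10 minutes; iat is back-dated
    # by 60 s to tolerate clock drift between worker and GitHub.
    return {"iss": app_id, "iat": now - 60, "exp": now + 9 * 60}

def token_request_body(repo: str) -> dict:
    """Body for the access_tokens call, narrowed to one repo and the listed permissions."""
    return {
        "repositories": [repo],
        "permissions": {
            "contents": "write",
            "pull_requests": "write",
            "metadata": "read",
        },
    }

class RunTokenSource:
    """Issues the token for one run; mints a new one once the current is 55 min old."""

    def __init__(self, repo: str, mint: Callable[[dict], str], clock=time.time):
        # mint (hypothetical): takes the request body, returns the installation token.
        self.repo, self._mint, self._clock = repo, mint, clock
        self._tok: Optional[Tuple[str, float]] = None  # (value, issued_at)
        self.active = True

    def get(self) -> str:
        if not self.active:
            raise RuntimeError("run finished; no further tokens are issued")
        now = self._clock()
        if self._tok is None or now - self._tok[1] >= REFRESH_AT_S:
            self._tok = (self._mint(token_request_body(self.repo)), now)
        return self._tok[0]

    def finish(self) -> None:
        # Stop refreshing and drop the cached value; the last token issued
        # expires on its own at the 1 hour TTL.
        self.active = False
        self._tok = None
```

Callers fetch the token through `get()` immediately before each clone, push, or PR call rather than caching it, so a run that crosses the 55-minute mark picks up the fresh token.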
Package registry credentials
For workloads that need to install dependencies during execution (when EXECUTOR_NETWORK_POLICY=registry_allowlist), registry access is handled in two phases: