Token safety
Manual tokens are shown once and should be stored only in the AI client's secret manager or environment.
Manual bearer tokens are a fallback for clients that do not complete OAuth. Treat them like passwords.
Workflow
Primary steps
1. Use OAuth when the AI client supports it.
2. Store manual tokens in client secrets or environment variables.
3. Revoke any token that appears in a screenshot, chat, log, or repository.
Storage
Do not paste raw tokens into public prompts, screenshots, chat transcripts, repositories, or config files that sync to other people.
For Codex-style clients, reference the token through an environment variable such as PRISM_MCP_TOKEN and keep the raw value in the client's secret manager or environment, not in the config file itself.
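The following is an added example, not Prism's own code, showing the client-side half of the storage and revocation guidance above: read the manual token from PRISM_MCP_TOKEN (the variable name is the page's; the token value and the transcript lines are constructed for the demo), refuse to run without it, log only a redacted form, and check a transcript or log for the raw value before it is shared so the operator knows the token must be revoked.

```python
"""Added example (not Prism's own code): load a manual MCP bearer token from the
environment, never log it raw, and check outgoing text for an accidental leak.
Assumes the environment variable name PRISM_MCP_TOKEN from the page; the
sample token value and transcript below are constructed for the demo."""
import os
from typing import Mapping

ENV_VAR = "PRISM_MCP_TOKEN"


def load_token(env: Mapping[str, str] = os.environ, name: str = ENV_VAR) -> str:
    """Read the token from the environment; fail loudly if it is missing or
    blank so the client never silently falls back to a hard-coded value."""
    value = env.get(name, "").strip()
    if not value:
        raise RuntimeError(
            f"{name} is not set; store the manual token in the client's "
            "secret manager or environment, not in a config file"
        )
    return value


def bearer_header(token: str) -> dict:
    """Build the Authorization header for a manual bearer token."""
    return {"Authorization": f"Bearer {token}"}


def redact(token: str, keep: int = 4) -> str:
    """Return a form that is safe to log: a short prefix plus a fixed mask.
    Short tokens are fully masked so the prefix cannot reveal most of the value."""
    if len(token) <= keep * 2:
        return "*" * 8
    return token[:keep] + "..." + "*" * 8


def find_leaks(text: str, token: str) -> list:
    """Return the 1-based line numbers where the raw token appears in text
    (chat transcript, log file, config); any hit means the token is exposed
    and should be revoked and re-issued from the dashboard."""
    return [i for i, line in enumerate(text.splitlines(), start=1) if token in line]


def scrub(text: str, token: str) -> str:
    """Replace every occurrence of the raw token with its redacted form before
    the text is pasted anywhere (issue tracker, chat, screenshot caption)."""
    return text.replace(token, redact(token))


if __name__ == "__main__":
    # Constructed sample values; a real client reads the token from the process environment.
    demo_env = {ENV_VAR: "prism_demo_0123456789abcdef"}
    tok = load_token(demo_env)
    print(bearer_header(tok)["Authorization"].startswith("Bearer "))
    transcript = (
        "user: here is my client config\n"
        "Authorization: Bearer prism_demo_0123456789abcdef\n"
        "assistant: got it"
    )
    print(find_leaks(transcript, tok))  # line 2 contains the raw token: revoke it
    print(scrub(transcript, tok))
```

`find_leaks` checks for one known token value; it is a pre-share check on text you are about to paste, not a general secret scanner, since the page does not document a token format to match on.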
Rotation
If a token is exposed, revoke it from the Prism MCP dashboard and create a new one for the client.