Vault
mikan stores credentials outside the workspace in the state directory, then injects them into sandbox executions according to the active sandbox mode.
State directory and vault path
The default state directory is:

```
~/.mikan/
```

Important files:

```
~/.mikan/
├── settings.json
└── vaults/
    └── <vault-id>/
```

You can override it with --state-dir:

```
mikan --state-dir=/secure/mikan-state --sandbox=container:mikan-tools /path/to/workspace
```

Credentials are then stored under:

```
/secure/mikan-state/vaults/
```

Global settings live at <state-dir>/settings.json. Conversation-local settings live at <working-directory>/<conversationId>/settings.json and override global defaults for that conversation.
At startup, mikan rejects a --state-dir that is world-writable or not owned by the current user, so other local users cannot tamper with settings or vault contents.
Vault contents
Each vault is a directory under vaults/. It can contain:
- env file: environment variables in KEY=value format
- file credentials: for example gws.json or .ssh/config

mikan infers mount targets from names/paths, for example gws.json → /root/.config/gws/credentials.json and .ssh/ → /root/.ssh.
Example:

```
~/.mikan/vaults/
└── container-mikan-tools/
    ├── env
    └── gws.json
```

env example:

```
GH_TOKEN=ghp_xxx
GITHUB_OAUTH_ACCESS_TOKEN=gho_xxx
```

Sandbox behavior
| Sandbox mode | Vault env injection | File credential projection | Vault key |
|---|---|---|---|
| host | No | No | Credentials can be stored but are not injected into host commands |
| container:<name> | Yes | No | container-<name> |
| image:<image> | Yes | Yes | generated conversation vault, usually the conversation ID |
| firecracker:* | Yes | No | generated conversation vault |
| cloudflare:* | Yes | No | generated platform-scoped conversation vault |
/login
Users run this in a DM/private chat:

```
/login
```

mikan returns a 15-minute onboarding link. The web page can store:
- arbitrary API keys / env vars
- GitHub OAuth credentials
- Google Workspace CLI OAuth credentials
/login only works in DM/private chat, so other people in a shared channel cannot grab the credential onboarding link.
Enable the link server
For production, set the public URL:

```
export LINK_URL="https://mikan.example.com"
```

If LINK_PORT is not set, mikan defaults to port 8181 when LINK_URL exists.
You can also set the port explicitly:

```
export LINK_PORT=8181
```

For local testing, setting only LINK_PORT is enough:

```
export LINK_PORT=8181
```

The /login link will use:

```
http://localhost:8181
```

OAuth callback URL:

```
<LINK_URL>/oauth/callback
```