AI evaluation

Sign up for Braintrust and keep its API key out of agent context

Braintrust setup interrupts an evaluation or tracing task with a Google account flow and a separate organization API-key screen.

The active registry flow crosses that account boundary and captures the credential, while the integration below uses Braintrust's documented project endpoint without putting the key in your agent's context.

Ask your coding agentUse Trusty Squire to sign me up for Braintrust, save the API key, allow api.braintrust.dev for server-side requests, and wire it into this app without exposing the raw key.
Registry status
Active
Recorded actions
4
Credential fields
1
Provider entry
www.braintrust.dev

What this setup unlocks

Use Braintrust for model evaluations, experiments, and traces while Trusty Squire injects the credential only into allowed provider requests.

  • Record model traces and experiment results.
  • Run repeatable evaluation datasets during development.

What your agent does

These public steps preserve the active registry flow while omitting captured account identifiers, brittle DOM selectors, and literal form values.

  1. 01

    navigate

    Open the Braintrust account console.

  2. 02

    click oauth button

    Choose google sign-in.

  3. 03

    click

    Continue through the account flow.

  4. 04

    extract via regex

    Capture the validated credential directly into the vault.

Credential saved to the vault

  • BRAINTRUST_API_KEY

    BRAINTRUST_API_KEY is a opaque api_key validated at 8 to 64 characters.

Write-only by design. Braintrust's BRAINTRUST_API_KEY is stored as write-only vault credential. For backend use, mint a host-scoped egress grant and keep its revocable token in server-side secret storage. The raw provider value is not returned to the agent or written to the project.

Use it without revealing the provider key

In the Vault, first make api.braintrust.devthe credential's primary allowed host. Then ask your agent to call grant_app_access. It returns a host-scoped egress base URL and a revocable token; the backend uses those values to list Braintrust projects.

// One-time Vault policy: make api.braintrust.dev
// the primary allowed host. Off-allowlist requests are refused.

// Then ask your agent to create a scoped grant:
grant_app_access({
  service: "braintrust",
  rate_limit_per_hour: 100
})

// Inject the returned fields from backend-only secret storage:
// SQUIRE_EGRESS_BASE_URL=<returned base_url>
// SQUIRE_EGRESS_TOKEN=<returned token>

const response = await fetch(
  `${process.env.SQUIRE_EGRESS_BASE_URL}/v1/project?limit=10`,
  {
    headers: {
      Authorization: `Bearer ${process.env.SQUIRE_EGRESS_TOKEN}`,
    },
  },
);

if (!response.ok) throw new Error(`Braintrust returned ${response.status}`);
const projects = await response.json();

Provider request checked against Braintrust API: list projects on 2026-07-15.

The egress token is still a secret. Keep SQUIRE_EGRESS_TOKEN in backend-only secret storage. Do not expose it in browser JavaScript, logs, or source control. grant_app_accessreturns this scoped token once through the MCP result, so it can enter agent context; it is not the provider key. Move it directly into your deployment's secret store, or useuse_credential when you need zero grant-token exposure. Grants are host-scoped, audited, and revocable without rotating the provider credential.

Frequently asked questions

How do I use the Braintrust API key without .env?
Ask your coding agent: “Use Trusty Squire to sign me up for Braintrust, save the API key, allow api.braintrust.dev for server-side requests, and wire it into this app without exposing the raw key.” Trusty Squire captures the provider credential directly into its write-only vault instead of returning it for an .env file. BRAINTRUST_API_KEY is a opaque api_key validated at 8 to 64 characters.
Can Trusty Squire automate Braintrust signup?
For a new account, the reviewed skill uses google sign-in as the provider's signup path; for an existing identity, the same path signs in instead. Choose google sign-in. Continue through the account flow. A hard CAPTCHA, payment, phone requirement, or human-only decision still stops the run for you.
How does Braintrust MCP provisioning keep the API key private?
Trusty Squire is the MCP server between your coding agent and the vault. It stores the captured Braintrust credential as a write-only value, then returns a reference or scoped egress grant instead of the raw provider key. The backend grant can call only its configured provider host and remains revocable and auditable.
What can I do with the generated Braintrust credential?
Braintrust documents this bearer credential for its API, including project, experiment, dataset, prompt, and trace operations permitted by the organization.
What should I verify before using Braintrust in production?
The registry record does not include an organization name, project ID, data-plane region, or API-key role. Confirm those separately; EU and self-hosted organizations use a different API host.