Language model APIs

Sign up for Cerebras and keep its API key out of agent context

A first Cerebras inference call requires leaving the coding task, completing the Google-backed cloud account flow, and locating the API credential.

Trusty Squire handles that recorded browser sequence, then the backend can use Cerebras's OpenAI-compatible chat endpoint through a scoped vault grant.

Ask your coding agentUse Trusty Squire to sign me up for Cerebras, save the API key, allow api.cerebras.ai for server-side requests, and wire it into this app without exposing the raw key.
Registry status
Active
Recorded actions
7
Credential fields
1
Provider entry
cloud.cerebras.ai

What this setup unlocks

Use Cerebras for fast language-model inference while Trusty Squire injects the credential only into allowed provider requests.

  • Prototype a low-latency generation feature.
  • Compare Cerebras inference with other providers.

What your agent does

These public steps preserve the active registry flow while omitting captured account identifiers, brittle DOM selectors, and literal form values.

  1. 01

    navigate

    Open the Cerebras account console.

  2. 02

    click

    Open the API key or access-token area.

  3. 03

    navigate

    Open the Cerebras account console.

  4. 04

    click oauth button

    Choose google sign-in.

  5. 05

    click

    Continue through the account flow.

  6. 06

    click

    Continue through the account flow.

  7. 07

    extract via copy button

    Capture the validated credential directly into the vault.

Credential saved to the vault

  • CEREBRAS_API_KEY

    CEREBRAS_API_KEY is a opaque api_key validated at 8 to 64 characters.

Write-only by design. Cerebras's CEREBRAS_API_KEY is stored as write-only vault credential. For backend use, mint a host-scoped egress grant and keep its revocable token in server-side secret storage. The raw provider value is not returned to the agent or written to the project.

Use it without revealing the provider key

In the Vault, first make api.cerebras.aithe credential's primary allowed host. Then ask your agent to call grant_app_access. It returns a host-scoped egress base URL and a revocable token; the backend uses those values to send a Cerebras chat-completions request.

// One-time Vault policy: make api.cerebras.ai
// the primary allowed host. Off-allowlist requests are refused.

// Then ask your agent to create a scoped grant:
grant_app_access({
  service: "cerebras",
  rate_limit_per_hour: 100
})

// Inject the returned fields from backend-only secret storage:
// SQUIRE_EGRESS_BASE_URL=<returned base_url>
// SQUIRE_EGRESS_TOKEN=<returned token>

const response = await fetch(
  `${process.env.SQUIRE_EGRESS_BASE_URL}/v1/chat/completions`,
  {
    method: "POST",
    headers: {
      Authorization: `Bearer ${process.env.SQUIRE_EGRESS_TOKEN}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      model: "gpt-oss-120b",
      messages: [{ role: "user", content: "Say hello in five words." }],
    }),
  },
);

if (!response.ok) throw new Error(`Cerebras returned ${response.status}`);
const completion = await response.json();

Provider request checked against Cerebras Inference: authentication on 2026-07-15.

The egress token is still a secret. Keep SQUIRE_EGRESS_TOKEN in backend-only secret storage. Do not expose it in browser JavaScript, logs, or source control. grant_app_accessreturns this scoped token once through the MCP result, so it can enter agent context; it is not the provider key. Move it directly into your deployment's secret store, or useuse_credential when you need zero grant-token exposure. Grants are host-scoped, audited, and revocable without rotating the provider credential.

Frequently asked questions

How do I use the Cerebras API key without .env?
Ask your coding agent: “Use Trusty Squire to sign me up for Cerebras, save the API key, allow api.cerebras.ai for server-side requests, and wire it into this app without exposing the raw key.” Trusty Squire captures the provider credential directly into its write-only vault instead of returning it for an .env file. CEREBRAS_API_KEY is a opaque api_key validated at 8 to 64 characters.
Can Trusty Squire automate Cerebras signup?
For a new account, the reviewed skill uses google sign-in as the provider's signup path; for an existing identity, the same path signs in instead. Choose google sign-in. Continue through the account flow. A hard CAPTCHA, payment, phone requirement, or human-only decision still stops the run for you.
How does Cerebras MCP provisioning keep the API key private?
Trusty Squire is the MCP server between your coding agent and the vault. It stores the captured Cerebras credential as a write-only value, then returns a reference or scoped egress grant instead of the raw provider key. The backend grant can call only its configured provider host and remains revocable and auditable.
What can I do with the generated Cerebras credential?
Cerebras documents this bearer credential for its inference API, including the OpenAI-compatible chat-completions endpoint and the models enabled for the account.
What should I verify before using Cerebras in production?
The registry does not encode model access, quota, billing, or a required API-version override. Choose an available model and review current account limits before production use.