What this setup unlocks
Use Cerebras for fast language-model inference while Trusty Squire injects the credential only into allowed provider requests.
- Prototype a low-latency generation feature.
- Compare Cerebras inference with other providers.
What your agent does
These public steps preserve the active registry flow while omitting captured account identifiers, brittle DOM selectors, and literal form values.
- 01
navigate
Open the Cerebras account console.
- 02
click
Open the API key or access-token area.
- 03
navigate
Open the Cerebras account console.
- 04
click oauth button
Choose google sign-in.
- 05
click
Continue through the account flow.
- 06
click
Continue through the account flow.
- 07
extract via copy button
Capture the validated credential directly into the vault.
Credential saved to the vault
CEREBRAS_API_KEYCEREBRAS_API_KEY is a opaque api_key validated at 8 to 64 characters.
Use it without revealing the provider key
In the Vault, first make api.cerebras.aithe credential's primary allowed host. Then ask your agent to call grant_app_access. It returns a host-scoped egress base URL and a revocable token; the backend uses those values to send a Cerebras chat-completions request.
// One-time Vault policy: make api.cerebras.ai
// the primary allowed host. Off-allowlist requests are refused.
// Then ask your agent to create a scoped grant:
grant_app_access({
service: "cerebras",
rate_limit_per_hour: 100
})
// Inject the returned fields from backend-only secret storage:
// SQUIRE_EGRESS_BASE_URL=<returned base_url>
// SQUIRE_EGRESS_TOKEN=<returned token>
const response = await fetch(
`${process.env.SQUIRE_EGRESS_BASE_URL}/v1/chat/completions`,
{
method: "POST",
headers: {
Authorization: `Bearer ${process.env.SQUIRE_EGRESS_TOKEN}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
model: "gpt-oss-120b",
messages: [{ role: "user", content: "Say hello in five words." }],
}),
},
);
if (!response.ok) throw new Error(`Cerebras returned ${response.status}`);
const completion = await response.json();Provider request checked against Cerebras Inference: authentication on 2026-07-15.
SQUIRE_EGRESS_TOKEN in backend-only secret storage. Do not expose it in browser JavaScript, logs, or source control. grant_app_accessreturns this scoped token once through the MCP result, so it can enter agent context; it is not the provider key. Move it directly into your deployment's secret store, or useuse_credential when you need zero grant-token exposure. Grants are host-scoped, audited, and revocable without rotating the provider credential.Frequently asked questions
- How do I use the Cerebras API key without .env?
- Ask your coding agent: “Use Trusty Squire to sign me up for Cerebras, save the API key, allow api.cerebras.ai for server-side requests, and wire it into this app without exposing the raw key.” Trusty Squire captures the provider credential directly into its write-only vault instead of returning it for an .env file. CEREBRAS_API_KEY is a opaque api_key validated at 8 to 64 characters.
- Can Trusty Squire automate Cerebras signup?
- For a new account, the reviewed skill uses google sign-in as the provider's signup path; for an existing identity, the same path signs in instead. Choose google sign-in. Continue through the account flow. A hard CAPTCHA, payment, phone requirement, or human-only decision still stops the run for you.
- How does Cerebras MCP provisioning keep the API key private?
- Trusty Squire is the MCP server between your coding agent and the vault. It stores the captured Cerebras credential as a write-only value, then returns a reference or scoped egress grant instead of the raw provider key. The backend grant can call only its configured provider host and remains revocable and auditable.
- What can I do with the generated Cerebras credential?
- Cerebras documents this bearer credential for its inference API, including the OpenAI-compatible chat-completions endpoint and the models enabled for the account.
- What should I verify before using Cerebras in production?
- The registry does not encode model access, quota, billing, or a required API-version override. Choose an available model and review current account limits before production use.