What this setup unlocks
Use DeepInfra for hosted open-model inference while Trusty Squire injects the credential only into allowed provider requests.
- Serve model inference behind an application endpoint.
- Compare model quality and latency across providers.
What your agent does
These public steps preserve the active registry flow while omitting captured account identifiers, brittle DOM selectors, and literal form values.
- 01
navigate
Open the DeepInfra account console.
- 02
click oauth button
Choose github sign-in.
- 03
navigate
Open the DeepInfra account console.
- 04
click
Dismiss the current overlay or notice.
- 05
click
Dismiss the current overlay or notice.
- 06
click
Continue through the recorded account flow.
- 07
click
Open the API key or access-token area.
- 08
fill
Name the new API credential.
- 09
extract via copy button
Capture the validated credential directly into the vault.
Credential saved to the vault
DEEPINFRA_API_KEYDEEPINFRA_API_KEY is a opaque api_key validated at 8 to 64 characters.
Use it without revealing the provider key
In the Vault, first make api.deepinfra.comthe credential's primary allowed host. Then ask your agent to call grant_app_access. It returns a host-scoped egress base URL and a revocable token; the backend uses those values to send a DeepInfra chat-completions request.
// One-time Vault policy: make api.deepinfra.com
// the primary allowed host. Off-allowlist requests are refused.
// Then ask your agent to create a scoped grant:
grant_app_access({
service: "deepinfra",
rate_limit_per_hour: 100
})
// Inject the returned fields from backend-only secret storage:
// SQUIRE_EGRESS_BASE_URL=<returned base_url>
// SQUIRE_EGRESS_TOKEN=<returned token>
const response = await fetch(
`${process.env.SQUIRE_EGRESS_BASE_URL}/v1/openai/chat/completions`,
{
method: "POST",
headers: {
Authorization: `Bearer ${process.env.SQUIRE_EGRESS_TOKEN}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
model: "deepseek-ai/DeepSeek-V3",
messages: [{ role: "user", content: "Say hello in five words." }],
}),
},
);
if (!response.ok) throw new Error(`DeepInfra returned ${response.status}`);
const completion = await response.json();Provider request checked against DeepInfra: chat completions on 2026-07-15.
SQUIRE_EGRESS_TOKEN in backend-only secret storage. Do not expose it in browser JavaScript, logs, or source control. grant_app_accessreturns this scoped token once through the MCP result, so it can enter agent context; it is not the provider key. Move it directly into your deployment's secret store, or useuse_credential when you need zero grant-token exposure. Grants are host-scoped, audited, and revocable without rotating the provider credential.Frequently asked questions
- How do I use the DeepInfra API key without .env?
- Ask your coding agent: “Use Trusty Squire to sign me up for DeepInfra, save the API token, allow api.deepinfra.com for server-side requests, and wire it into this app without exposing the raw key.” Trusty Squire captures the provider credential directly into its write-only vault instead of returning it for an .env file. DEEPINFRA_API_KEY is a opaque api_key validated at 8 to 64 characters.
- Can Trusty Squire automate DeepInfra signup?
- For a new account, the reviewed skill uses github sign-in as the provider's signup path; for an existing identity, the same path signs in instead. Choose github sign-in. Continue through the recorded account flow. A hard CAPTCHA, payment, phone requirement, or human-only decision still stops the run for you.
- How does DeepInfra MCP provisioning keep the API key private?
- Trusty Squire is the MCP server between your coding agent and the vault. It stores the captured DeepInfra credential as a write-only value, then returns a reference or scoped egress grant instead of the raw provider key. The backend grant can call only its configured provider host and remains revocable and auditable.
- What can I do with the generated DeepInfra credential?
- DeepInfra documents the bearer token for its native and OpenAI-compatible inference APIs, covering the models and modalities available to the account.
- What should I verify before using DeepInfra in production?
- Model availability, context limits, pricing, and optional scoped-JWT policy are not part of the registry record. Select a current model and set application-level budgets separately.