> ## Documentation Index
> Fetch the complete documentation index at: https://docs.browser-use.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Secrets

> Pass domain-scoped credentials to the agent securely.

Pass credentials to the agent scoped by domain. The agent uses them only on matching domains.

<CodeGroup>
  ```python Python theme={null}
  from browser_use_sdk import AsyncBrowserUse

  client = AsyncBrowserUse()
  result = await client.run(
      "Log into GitHub and star the browser-use/browser-use repo",
      secrets={"github.com": "username:password123"},
      allowed_domains=["github.com"],
  )
  ```

  ```typescript TypeScript theme={null}
  import { BrowserUse } from "browser-use-sdk";

  const client = new BrowserUse();
  const result = await client.run(
    "Log into GitHub and star the browser-use/browser-use repo",
    {
      secrets: { "github.com": "username:password123" },
      allowedDomains: ["github.com"],
    },
  );
  ```
</CodeGroup>

Use `allowed_domains` to restrict the agent to specific domains. Supports wildcards: `example.com`, `*.example.com`.

For SSO/OAuth redirects, include all domains in the auth flow:

<CodeGroup>
  ```python Python theme={null}
  result = await client.run(
      "Log into the company portal and download the Q4 report",
      secrets={
          "portal.example.com": "user@company.com:password123",
          "okta.com": "user@company.com:password123",
      },
      allowed_domains=["portal.example.com", "*.okta.com"],
  )
  ```

  ```typescript TypeScript theme={null}
  const result = await client.run(
    "Log into the company portal and download the Q4 report",
    {
      secrets: {
        "portal.example.com": "user@company.com:password123",
        "okta.com": "user@company.com:password123",
      },
      allowedDomains: ["portal.example.com", "*.okta.com"],
    },
  );
  ```
</CodeGroup>