Skip to main content

Stored Browser Credentials

Stored credentials let Bankr sign you in to websites without you pasting passwords into chat. You set them up once for the sites you use, and Bankr fills them in automatically when it lands on the right login page.

This is for ordinary login forms — email/password style. It's not a way to feed arbitrary data to Bankr or to the page.

How It Works

Each set of credentials is tied to a specific site (or set of sites). When Bankr opens a login page, it checks that the page is on the allowed site for that credential, and only then fills in the field. The values stay safely stored and never appear in chat or in anything Bankr returns to you.

Setting It Up

Stored credentials live in your Settings → Env Vars in Bankr. For each site you want Bankr to sign in to, you add three entries: a username/email, a password, and the website(s) where the credential is allowed to be used.

Each entry uses a name in the format:

BROWSER_CREDENTIAL_<SITE>_<FIELD>

<SITE> is a label you choose for the site (letters, numbers, underscores, or hyphens). <FIELD> is one of EMAIL, USERNAME, or PASSWORD. You also add an ALLOWED_ORIGINS entry that locks the credential to a specific website address.

Example: Amazon

In Settings → Env Vars, add:

NameValue
BROWSER_CREDENTIAL_AMAZON_EMAILalice@example.com
BROWSER_CREDENTIAL_AMAZON_PASSWORDyour password
BROWSER_CREDENTIAL_AMAZON_ALLOWED_ORIGINShttps://www.amazon.com

Once saved, ask Bankr to do something on Amazon that requires sign-in. Bankr will fill the form on its own.

Multiple Allowed Sites

If a site uses several login domains, list them comma-separated:

BROWSER_CREDENTIAL_SHOP_ALLOWED_ORIGINS=https://shop.example.com,https://checkout.example.com

The full website address has to match exactly — same scheme (https), same subdomain (www.amazon.com is not the same as amazon.com), and no trailing path.

Safety

Stored credentials are designed to fail closed:

  • A credential set for one site will not fill on a different site, even one with a similar name.
  • Bankr never returns the password value back to you, prints it in chat, or includes it in screenshots.
  • Bankr can only read credentials that follow the BROWSER_CREDENTIAL_* naming convention — other entries in your env vars are off-limits to the browser.

When You'll Still Be Asked

Even with stored credentials, you'll still be pulled in for:

  • One-time codes sent to your email, phone, or authenticator app.
  • CAPTCHA challenges.
  • Any final purchase or money-moving step.

These exist on purpose so an automated sign-in can't be turned into an automated checkout without your explicit OK.

If Sign-In Fails

If Bankr says it couldn't sign in, the most common causes are:

  • The credential isn't saved yet. Add it in Settings → Env Vars before asking Bankr to use the site.
  • The allowed website is wrong. Make sure the ALLOWED_ORIGINS entry is the exact site Bankr is on — full address with https://, no path. For example, https://www.amazon.com, not https://www.amazon.com/ap/signin.
  • The site asked for a one-time code or CAPTCHA. Bankr will ask you for it directly rather than guessing.