Feature hasn't been suggested before.
Describe the enhancement you want to request
I use OpenCode client on my office computer that connects to remote servers via Opencode Server . The current remote workflow has a lot of friction because each remote OpenCode server needs its own provider/API credentials configured locally.
For example, if I use OpenRouter, I want to add my OpenRouter API key once on my desktop OpenCode client and then connect to remote servers without manually adding/copying that key to every server.
Right now, the practical options are all awkward:
- Run /connect separately on every remote server
- Copy ~/.local/share/opencode/auth.json to each server
- Inject provider API keys through SSH/env vars
- Use an external gateway/proxy just to centralize credentials
All of these either add operational overhead or increase the chance of leaking long-lived API keys.
Remote development is common. Many users build and run apps on VPS machines, cloud dev boxes, staging servers, and production-like environments. Requiring provider credentials to be configured separately on every server makes remote OpenCode harder to use and less secure.
Implementation Options
Option 1: Temporary In-Memory Key Handoff
The desktop client sends the provider API key to the remote OpenCode server over the authenticated OpenCode client/server connection when a remote session starts.
The remote server keeps the key only in memory.
Option 2: Client-Side Provider Proxy
Add a stronger security mode where the remote server never receives raw provider credentials. Model requests are routed through the desktop client, which owns provider credentials and forwards requests to the provider.
Feature hasn't been suggested before.
Describe the enhancement you want to request
I use OpenCode client on my office computer that connects to remote servers via Opencode Server . The current remote workflow has a lot of friction because each remote OpenCode server needs its own provider/API credentials configured locally.
For example, if I use OpenRouter, I want to add my OpenRouter API key once on my desktop OpenCode client and then connect to remote servers without manually adding/copying that key to every server.
Right now, the practical options are all awkward:
All of these either add operational overhead or increase the chance of leaking long-lived API keys.
Remote development is common. Many users build and run apps on VPS machines, cloud dev boxes, staging servers, and production-like environments. Requiring provider credentials to be configured separately on every server makes remote OpenCode harder to use and less secure.
Implementation Options
Option 1: Temporary In-Memory Key Handoff
The desktop client sends the provider API key to the remote OpenCode server over the authenticated OpenCode client/server connection when a remote session starts.
The remote server keeps the key only in memory.
Option 2: Client-Side Provider Proxy
Add a stronger security mode where the remote server never receives raw provider credentials. Model requests are routed through the desktop client, which owns provider credentials and forwards requests to the provider.