Should secrets go into Hermes Agent memory?
No. Secrets, API keys, tokens, and private credentials should stay in deliberate secret storage, not agent memory.
Persistent context
Hermes Agent memory
Hermes Agent memory is useful because it can carry context across sessions, but it should be managed like an operational data store. Old context can go stale, private details can become too reachable, and not every note belongs in agent memory.
Agent Guide is an independent editorial resource. It is not affiliated with, endorsed by, or sponsored by Nous Research, Hermes Agent, or Hermes/Hermes brand owners. Product names and marks belong to their respective owners.
Direct answer
Use Hermes Agent memory for stable preferences, workflow rules, recurring context, and project facts that should survive a single session. Do not use memory as a dumping ground for secrets, unreviewed customer data, or fast-changing facts that need verification.
The safest pattern is memory hygiene: decide what belongs in long-term memory, what belongs in a project note, what should expire, and what should never be stored.
Best for
- Recurring workflows with stable preferences or review rules.
- Project context that should not be re-explained every session.
- Operators comparing built-in memory with external memory providers.
- Obsidian or Markdown workflows where durable notes can complement agent memory.
Avoid if
- You cannot audit or delete sensitive context later.
- The workflow handles regulated, legal, medical, or customer-confidential data without policy review.
- Facts change frequently and should be rechecked from source each run.
- You expect memory to replace source-of-truth documentation.
What this page covers
- Hermes memory intent, persistent context, memory providers, stale context risk, privacy, and Obsidian relationship.
- How to decide between memory, project notes, and external docs.
What this page does not cover
- A benchmark of every memory provider.
- A guarantee that memory is private, encrypted, or compliant in every deployment.
- A separate Obsidian workflow, which has its own canonical page.
Quick steps
- Write a memory policy before adding sensitive workflows.
- Separate stable preferences from time-sensitive facts.
- Keep secrets, credentials, and customer-sensitive records out of memory.
- Review memory before connecting messaging, cron, or shared team workflows.
- Use Obsidian or project notes when humans need a readable source of truth.
Known breakpoints
| Breakpoint | Why it happens | Safer response |
|---|---|---|
| Agent repeats stale facts | Old memory outlived the source truth | Move time-sensitive facts into checked sources or project notes. |
| Sensitive data persists | Secrets or private details were stored in memory | Remove memory entries and rotate secrets if exposed. |
| Conflicting context | Multiple profiles or projects share assumptions | Use profiles and explicit project boundaries. |
| Memory bloat | Everything is stored instead of curated | Create keep/delete rules and review periodically. |
Security notes
- Memory should be treated as sensitive persistent state.
- Do not store provider keys, private prompts, tokens, or credentials in memory.
- Use separate profiles for personal, work, client, and public workflows.
- Review what memory can influence before scheduling unattended workflows.
Changelog
- 2026-06-02: Added as canonical memory and persistent-context page.
Official sources reviewed
| Source | Used for | Last checked | Confidence |
|---|---|---|---|
| Hermes Agent documentation | Hermes Agent feature scope, documentation structure, and official source navigation. | 2026-06-02 | high |
| Hermes Agent memory providers docs | Memory-provider options, persistent-memory framing, and privacy caveats. | 2026-06-02 | high |
| Hermes Agent profiles docs | Profile isolation, multi-profile operation, and future team-routing context. | 2026-06-02 | high |
| Hermes Agent security guide | Approval modes, gateway authorization, Docker terminal backend hardening, and credential cautions. | 2026-06-02 | high |
Known caveats: Memory-provider behavior can change. Verify official memory docs before choosing a production provider.
FAQ
Is Obsidian the same as Hermes memory?
No. Obsidian can be a human-readable knowledge base or workflow artifact store; Hermes memory is persistent agent context.
Operator checklist
Get the Agent Guide launch checklist
Receive the smoke-test order for install path, sandbox boundary, provider setup, source review, and production checks.