diff --git a/src/cli/commands/add/__tests__/add-identity.test.ts b/src/cli/commands/add/__tests__/add-identity.test.ts
index b281486a3..d2fcd62e8 100644
--- a/src/cli/commands/add/__tests__/add-identity.test.ts
+++ b/src/cli/commands/add/__tests__/add-identity.test.ts
@@ -5,7 +5,7 @@ import { tmpdir } from 'node:os';
 import { join } from 'node:path';
 import { afterAll, beforeAll, describe, expect, it } from 'vitest';
 
-describe('add identity command', () => {
+describe('add credential command', () => {
   let testDir: string;
   let projectDir: string;
 
@@ -28,7 +28,7 @@ describe('add identity command', () => {
 
   describe('validation', () => {
     it('requires name flag', async () => {
-      const result = await runCLI(['add', 'identity', '--json'], projectDir);
+      const result = await runCLI(['add', 'credential', '--json'], projectDir);
       expect(result.exitCode).toBe(1);
       const json = JSON.parse(result.stdout);
       expect(json.success).toBe(false);
@@ -36,7 +36,7 @@ describe('add identity command', () => {
     });
 
     it('requires api-key flag', async () => {
-      const result = await runCLI(['add', 'identity', '--name', 'test', '--json'], projectDir);
+      const result = await runCLI(['add', 'credential', '--name', 'test', '--json'], projectDir);
       expect(result.exitCode).toBe(1);
       const json = JSON.parse(result.stdout);
       expect(json.success).toBe(false);
@@ -44,11 +44,11 @@ describe('add identity command', () => {
     });
   });
 
-  describe('identity creation', () => {
+  describe('credential creation', () => {
     it('creates credential as top-level resource', async () => {
       const identityName = `id${Date.now()}`;
       const result = await runCLI(
-        ['add', 'identity', '--name', identityName, '--api-key', 'test-key-123', '--json'],
+        ['add', 'credential', '--name', identityName, '--api-key', 'test-key-123', '--json'],
         projectDir
       );
 
@@ -65,13 +65,13 @@ describe('add identity command', () => {
     });
   });
 
-  describe('oauth identity creation', () => {
+  describe('oauth credential creation', () => {
     it('creates OAuth credential with discovery URL and scopes', async () => {
       const identityName = `oauth-${Date.now()}`;
       const result = await runCLI(
         [
           'add',
-          'identity',
+          'credential',
           '--type',
           'oauth',
           '--name',
diff --git a/src/cli/commands/add/__tests__/validate.test.ts b/src/cli/commands/add/__tests__/validate.test.ts
index 25522e428..9ae55daf2 100644
--- a/src/cli/commands/add/__tests__/validate.test.ts
+++ b/src/cli/commands/add/__tests__/validate.test.ts
@@ -1,15 +1,15 @@
 import type {
   AddAgentOptions,
+  AddCredentialOptions,
   AddGatewayOptions,
   AddGatewayTargetOptions,
-  AddIdentityOptions,
   AddMemoryOptions,
 } from '../types.js';
 import {
   validateAddAgentOptions,
+  validateAddCredentialOptions,
   validateAddGatewayOptions,
   validateAddGatewayTargetOptions,
-  validateAddIdentityOptions,
   validateAddMemoryOptions,
 } from '../validate.js';
 import { existsSync, readFileSync } from 'fs';
@@ -75,7 +75,7 @@ const validMemoryOptions: AddMemoryOptions = {
   strategies: 'SEMANTIC,SUMMARIZATION',
 };
 
-const validIdentityOptions: AddIdentityOptions = {
+const validCredentialOptions: AddCredentialOptions = {
   name: 'test-identity',
   apiKey: 'test-key',
 };
@@ -996,17 +996,17 @@ describe('validate', () => {
     });
   });
 
-  describe('validateAddIdentityOptions', () => {
+  describe('validateAddCredentialOptions', () => {
     // AC23: Required fields validated
     it('returns error for missing required fields', () => {
-      const requiredFields: { field: keyof AddIdentityOptions; error: string }[] = [
+      const requiredFields: { field: keyof AddCredentialOptions; error: string }[] = [
         { field: 'name', error: '--name is required' },
         { field: 'apiKey', error: '--api-key is required' },
       ];
 
       for (const { field, error } of requiredFields) {
-        const opts = { ...validIdentityOptions, [field]: undefined };
-        const result = validateAddIdentityOptions(opts);
+        const opts = { ...validCredentialOptions, [field]: undefined };
+        const result = validateAddCredentialOptions(opts);
         expect(result.valid, `Should fail for missing ${String(field)}`).toBe(false);
         expect(result.error).toBe(error);
       }
@@ -1014,7 +1014,7 @@ describe('validate', () => {
 
     // AC25: Valid options pass
     it('passes for valid options', () => {
-      expect(validateAddIdentityOptions(validIdentityOptions)).toEqual({ valid: true });
+      expect(validateAddCredentialOptions(validCredentialOptions)).toEqual({ valid: true });
     });
   });
 
@@ -1193,9 +1193,9 @@ describe('validate', () => {
     });
   });
 
-  describe('validateAddIdentityOptions OAuth', () => {
+  describe('validateAddCredentialOptions OAuth', () => {
     it('passes for valid OAuth identity', () => {
-      const result = validateAddIdentityOptions({
+      const result = validateAddCredentialOptions({
         name: 'my-oauth',
         type: 'oauth',
         discoveryUrl: 'https://auth.example.com/.well-known/openid-configuration',
@@ -1206,7 +1206,7 @@ describe('validate', () => {
     });
 
     it('returns error for OAuth without discovery-url', () => {
-      const result = validateAddIdentityOptions({
+      const result = validateAddCredentialOptions({
         name: 'my-oauth',
         type: 'oauth',
         clientId: 'client123',
@@ -1217,7 +1217,7 @@ describe('validate', () => {
     });
 
     it('returns error for OAuth without client-id', () => {
-      const result = validateAddIdentityOptions({
+      const result = validateAddCredentialOptions({
         name: 'my-oauth',
         type: 'oauth',
         discoveryUrl: 'https://auth.example.com',
@@ -1228,7 +1228,7 @@ describe('validate', () => {
     });
 
     it('returns error for OAuth without client-secret', () => {
-      const result = validateAddIdentityOptions({
+      const result = validateAddCredentialOptions({
         name: 'my-oauth',
         type: 'oauth',
         discoveryUrl: 'https://auth.example.com',
@@ -1239,7 +1239,7 @@ describe('validate', () => {
     });
 
     it('still requires api-key for default type', () => {
-      const result = validateAddIdentityOptions({ name: 'my-key' });
+      const result = validateAddCredentialOptions({ name: 'my-key' });
       expect(result.valid).toBe(false);
       expect(result.error).toContain('--api-key');
     });
diff --git a/src/cli/commands/add/command.tsx b/src/cli/commands/add/command.tsx
index c11df2cce..a94d8658e 100644
--- a/src/cli/commands/add/command.tsx
+++ b/src/cli/commands/add/command.tsx
@@ -33,7 +33,7 @@ export function registerAdd(program: Command): Command {
     );
   });
 
-  // Subcommands (agent, memory, identity, gateway, gateway-target) are registered
+  // Subcommands (agent, memory, credential, gateway, gateway-target) are registered
   // via primitive.registerCommands() in cli.ts
 
   return addCmd;
diff --git a/src/cli/commands/add/types.ts b/src/cli/commands/add/types.ts
index 21ecd7f93..f0b846c31 100644
--- a/src/cli/commands/add/types.ts
+++ b/src/cli/commands/add/types.ts
@@ -118,8 +118,8 @@ export interface AddMemoryResult {
   error?: string;
 }
 
-// Identity types (v2: credential, no owner/user concept)
-export interface AddIdentityOptions {
+// Credential types (v2: credential, no owner/user concept)
+export interface AddCredentialOptions {
   name?: string;
   type?: 'api-key' | 'oauth';
   apiKey?: string;
@@ -130,7 +130,10 @@ export interface AddIdentityOptions {
   json?: boolean;
 }
 
-export interface AddIdentityResult {
+/** @deprecated Use AddCredentialOptions */
+export type AddIdentityOptions = AddCredentialOptions;
+
+export interface AddCredentialResult {
   success: boolean;
   credentialName?: string;
   error?: string;
diff --git a/src/cli/commands/add/validate.ts b/src/cli/commands/add/validate.ts
index e87b1513a..44a010168 100644
--- a/src/cli/commands/add/validate.ts
+++ b/src/cli/commands/add/validate.ts
@@ -19,9 +19,9 @@ import { validateVpcOptions } from '../shared/vpc-utils';
 import { validateJwtAuthorizerOptions } from './auth-options';
 import type {
   AddAgentOptions,
+  AddCredentialOptions,
   AddGatewayOptions,
   AddGatewayTargetOptions,
-  AddIdentityOptions,
   AddMemoryOptions,
 } from './types';
 import { existsSync, readFileSync } from 'fs';
@@ -50,7 +50,7 @@ async function validateCredentialExists(credentialName: string): Promise<Validat
       if (availableCredentials.length === 0) {
         return {
           valid: false,
-          error: `Credential "${credentialName}" not found. No credentials are configured. Add credentials using 'agentcore add identity'.`,
+          error: `Credential "${credentialName}" not found. No credentials are configured. Add credentials using 'agentcore add credential'.`,
         };
       }
       return {
@@ -680,8 +680,8 @@ export function validateAddMemoryOptions(options: AddMemoryOptions): ValidationR
   return { valid: true };
 }
 
-// Identity validation (v2: credential resource, no owner)
-export function validateAddIdentityOptions(options: AddIdentityOptions): ValidationResult {
+// Credential validation (v2: credential resource, no owner)
+export function validateAddCredentialOptions(options: AddCredentialOptions): ValidationResult {
   if (!options.name) {
     return { valid: false, error: '--name is required' };
   }
diff --git a/src/cli/commands/deploy/command.tsx b/src/cli/commands/deploy/command.tsx
index 8be865713..96780c67b 100644
--- a/src/cli/commands/deploy/command.tsx
+++ b/src/cli/commands/deploy/command.tsx
@@ -90,7 +90,7 @@ async function handleDeployCLI(options: DeployOptions): Promise<void> {
     if (options.diff) {
       console.log(`\n✓ Diff complete for '${result.targetName}' (stack: ${result.stackName})`);
     } else if (options.plan) {
-      console.log(`\n✓ Plan complete for '${result.targetName}' (stack: ${result.stackName})`);
+      console.log(`\n✓ Dry run complete for '${result.targetName}' (stack: ${result.stackName})`);
       console.log('\nRun `agentcore deploy` to deploy.');
     } else {
       console.log(`\n✓ Deployed to '${result.targetName}' (stack: ${result.stackName})`);
@@ -136,7 +136,8 @@ export const registerDeploy = (program: Command) => {
     .option('-y, --yes', 'Auto-confirm prompts, read credentials from env [non-interactive]')
     .option('-v, --verbose', 'Show resource-level deployment events [non-interactive]')
     .option('--json', 'Output as JSON [non-interactive]')
-    .option('--plan', 'Preview deployment without deploying (dry-run) [non-interactive]')
+    .option('--dry-run', 'Preview deployment without deploying [non-interactive]')
+    .option('--plan', 'Preview deployment without deploying (alias for --dry-run) [non-interactive]')
     .option('--diff', 'Show CDK diff without deploying [non-interactive]')
     .action(
       async (cliOptions: {
@@ -144,15 +145,18 @@ export const registerDeploy = (program: Command) => {
         yes?: boolean;
         verbose?: boolean;
         json?: boolean;
+        dryRun?: boolean;
         plan?: boolean;
         diff?: boolean;
       }) => {
         try {
           requireProject();
-          if (cliOptions.json || cliOptions.target || cliOptions.plan || cliOptions.yes || cliOptions.verbose) {
+          const isDryRun = cliOptions.dryRun ?? cliOptions.plan;
+          if (cliOptions.json || cliOptions.target || isDryRun || cliOptions.yes || cliOptions.verbose) {
             // CLI mode - any flag triggers non-interactive mode
             const options = {
               ...cliOptions,
+              plan: isDryRun,
               target: cliOptions.target ?? 'default',
               progress: !cliOptions.json,
             };
diff --git a/src/cli/commands/remove/__tests__/remove-identity.test.ts b/src/cli/commands/remove/__tests__/remove-identity.test.ts
index 5a133ad67..ac0169947 100644
--- a/src/cli/commands/remove/__tests__/remove-identity.test.ts
+++ b/src/cli/commands/remove/__tests__/remove-identity.test.ts
@@ -5,7 +5,7 @@ import { tmpdir } from 'node:os';
 import { join } from 'node:path';
 import { afterAll, beforeAll, describe, expect, it } from 'vitest';
 
-describe('remove identity command', () => {
+describe('remove credential command', () => {
   let testDir: string;
   let projectDir: string;
   const identityName = 'TestIdentity';
@@ -24,7 +24,7 @@ describe('remove identity command', () => {
 
     // Add identity as top-level credential
     result = await runCLI(
-      ['add', 'identity', '--name', identityName, '--api-key', 'test-key-123', '--json'],
+      ['add', 'credential', '--name', identityName, '--api-key', 'test-key-123', '--json'],
       projectDir
     );
     if (result.exitCode !== 0) {
@@ -38,7 +38,7 @@ describe('remove identity command', () => {
 
   describe('validation', () => {
     it('requires name flag', async () => {
-      const result = await runCLI(['remove', 'identity', '--json'], projectDir);
+      const result = await runCLI(['remove', 'credential', '--json'], projectDir);
       expect(result.exitCode).toBe(1);
       const json = JSON.parse(result.stdout);
       expect(json.success).toBe(false);
@@ -46,7 +46,7 @@ describe('remove identity command', () => {
     });
 
     it('rejects non-existent identity', async () => {
-      const result = await runCLI(['remove', 'identity', '--name', 'nonexistent', '--json'], projectDir);
+      const result = await runCLI(['remove', 'credential', '--name', 'nonexistent', '--json'], projectDir);
       expect(result.exitCode).toBe(1);
       const json = JSON.parse(result.stdout);
       expect(json.success).toBe(false);
@@ -58,9 +58,9 @@ describe('remove identity command', () => {
     it('removes credential without dependents', async () => {
       // Add a temp credential to remove
       const tempId = `tempId${Date.now()}`;
-      await runCLI(['add', 'identity', '--name', tempId, '--api-key', 'temp-key', '--json'], projectDir);
+      await runCLI(['add', 'credential', '--name', tempId, '--api-key', 'temp-key', '--json'], projectDir);
 
-      const result = await runCLI(['remove', 'identity', '--name', tempId, '--json'], projectDir);
+      const result = await runCLI(['remove', 'credential', '--name', tempId, '--json'], projectDir);
       expect(result.exitCode, `stdout: ${result.stdout}`).toBe(0);
       const json = JSON.parse(result.stdout);
       expect(json.success).toBe(true);
@@ -72,7 +72,7 @@ describe('remove identity command', () => {
     });
 
     it('removes the setup credential', async () => {
-      const result = await runCLI(['remove', 'identity', '--name', identityName, '--json'], projectDir);
+      const result = await runCLI(['remove', 'credential', '--name', identityName, '--json'], projectDir);
       expect(result.exitCode, `stdout: ${result.stdout}`).toBe(0);
       const json = JSON.parse(result.stdout);
       expect(json.success).toBe(true);
diff --git a/src/cli/commands/remove/__tests__/validate.test.ts b/src/cli/commands/remove/__tests__/validate.test.ts
index 3d421a151..c286ed3b3 100644
--- a/src/cli/commands/remove/__tests__/validate.test.ts
+++ b/src/cli/commands/remove/__tests__/validate.test.ts
@@ -21,7 +21,7 @@ describe('validateRemoveOptions', () => {
   });
 
   it('returns valid with no json and no name', () => {
-    expect(validateRemoveOptions({ resourceType: 'identity' })).toEqual({ valid: true });
+    expect(validateRemoveOptions({ resourceType: 'credential' })).toEqual({ valid: true });
   });
 });
 
diff --git a/src/cli/commands/remove/command.tsx b/src/cli/commands/remove/command.tsx
index fe508cb86..53ae9ad4c 100644
--- a/src/cli/commands/remove/command.tsx
+++ b/src/cli/commands/remove/command.tsx
@@ -62,15 +62,17 @@ export const registerRemove = (program: Command): Command => {
   removeCommand
     .command('all')
     .description('Reset all agentcore schemas to empty state')
-    .option('--force', 'Skip confirmation prompts [non-interactive]')
+    .option('-y, --yes', 'Skip confirmation prompts [non-interactive]')
+    .option('--force', 'Skip confirmation prompts (alias for --yes) [non-interactive]')
     .option('--dry-run', 'Show what would be reset without actually resetting [non-interactive]')
     .option('--json', 'Output as JSON [non-interactive]')
-    .action(async (cliOptions: { force?: boolean; dryRun?: boolean; json?: boolean }) => {
+    .action(async (cliOptions: { yes?: boolean; force?: boolean; dryRun?: boolean; json?: boolean }) => {
       try {
+        const skipConfirm = cliOptions.yes ?? cliOptions.force;
         // Any flag triggers non-interactive CLI mode
-        if (cliOptions.force || cliOptions.dryRun || cliOptions.json) {
+        if (skipConfirm || cliOptions.dryRun || cliOptions.json) {
           await handleRemoveAllCLI({
-            force: cliOptions.force,
+            force: skipConfirm,
             dryRun: cliOptions.dryRun,
             json: cliOptions.json,
           });
@@ -95,7 +97,7 @@ export const registerRemove = (program: Command): Command => {
       }
     });
 
-  // Resource subcommands (agent, memory, identity, gateway, mcp-tool) are registered
+  // Resource subcommands (agent, memory, credential, gateway, mcp-tool) are registered
   // via primitive.registerCommands() in cli.ts
 
   // Catch-all for TUI fallback when no subcommand is specified.
diff --git a/src/cli/commands/remove/types.ts b/src/cli/commands/remove/types.ts
index a97d0e88e..237d31532 100644
--- a/src/cli/commands/remove/types.ts
+++ b/src/cli/commands/remove/types.ts
@@ -3,7 +3,7 @@ export type ResourceType =
   | 'gateway'
   | 'gateway-target'
   | 'memory'
-  | 'identity'
+  | 'credential'
   | 'evaluator'
   | 'online-eval'
   | 'policy-engine'
diff --git a/src/cli/logging/remove-logger.ts b/src/cli/logging/remove-logger.ts
index 094f617d9..2bfffcaa4 100644
--- a/src/cli/logging/remove-logger.ts
+++ b/src/cli/logging/remove-logger.ts
@@ -10,7 +10,7 @@ export interface RemoveLoggerOptions {
   resourceType:
     | 'agent'
     | 'memory'
-    | 'identity'
+    | 'credential'
     | 'gateway'
     | 'gateway-target'
     | 'evaluator'
diff --git a/src/cli/primitives/BasePrimitive.ts b/src/cli/primitives/BasePrimitive.ts
index a0e13785c..9fce88706 100644
--- a/src/cli/primitives/BasePrimitive.ts
+++ b/src/cli/primitives/BasePrimitive.ts
@@ -23,10 +23,10 @@ export abstract class BasePrimitive<
   /** Shared ConfigIO instance for agentcore.json operations. */
   protected readonly configIO = new ConfigIO();
 
-  /** Resource kind identifier (e.g., 'agent', 'memory', 'identity', 'gateway', 'mcp-tool') */
+  /** Resource kind identifier (e.g., 'agent', 'memory', 'credential', 'gateway', 'mcp-tool') */
   abstract readonly kind: ResourceType;
 
-  /** Human-readable label (e.g., 'Agent', 'Memory', 'Identity') */
+  /** Human-readable label (e.g., 'Agent', 'Memory', 'Credential') */
   abstract readonly label: string;
 
   /** Zod schema for validating the primitive's config */
@@ -103,17 +103,19 @@ export abstract class BasePrimitive<
       .command(this.kind)
       .description(`Remove ${this.article} ${this.label.toLowerCase()} from the project`)
       .option('--name <name>', 'Name of resource to remove [non-interactive]')
-      .option('--force', 'Skip confirmation prompt [non-interactive]')
+      .option('-y, --yes', 'Skip confirmation prompt [non-interactive]')
+      .option('--force', 'Skip confirmation prompt (alias for --yes) [non-interactive]')
       .option('--json', 'Output as JSON [non-interactive]')
-      .action(async (cliOptions: { name?: string; force?: boolean; json?: boolean }) => {
+      .action(async (cliOptions: { name?: string; yes?: boolean; force?: boolean; json?: boolean }) => {
         try {
           if (!findConfigRoot()) {
             console.error('No agentcore project found. Run `agentcore create` first.');
             process.exit(1);
           }
 
+          const skipConfirm = cliOptions.yes ?? cliOptions.force;
           // Any flag triggers non-interactive CLI mode
-          if (cliOptions.name || cliOptions.force || cliOptions.json) {
+          if (cliOptions.name || skipConfirm || cliOptions.json) {
             if (!cliOptions.name) {
               console.log(JSON.stringify({ success: false, error: '--name is required' }));
               process.exit(1);
diff --git a/src/cli/primitives/CredentialPrimitive.tsx b/src/cli/primitives/CredentialPrimitive.tsx
index 7ef8ec083..bbec3a2ec 100644
--- a/src/cli/primitives/CredentialPrimitive.tsx
+++ b/src/cli/primitives/CredentialPrimitive.tsx
@@ -1,7 +1,7 @@
 import { findConfigRoot, getEnvVar, setEnvVar } from '../../lib';
 import type { Credential, ModelProvider } from '../../schema';
 import { CredentialSchema } from '../../schema';
-import { validateAddIdentityOptions } from '../commands/add/validate';
+import { validateAddCredentialOptions } from '../commands/add/validate';
 import { getErrorMessage } from '../errors';
 import type { RemovalPreview, RemovalResult, SchemaChange } from '../operations/remove/types';
 import { BasePrimitive } from './BasePrimitive';
@@ -63,11 +63,11 @@ export interface CredentialStrategy {
  * Absorbs logic from create-identity.ts and remove-identity.ts.
  */
 export class CredentialPrimitive extends BasePrimitive<AddCredentialOptions, RemovableCredential> {
-  readonly kind = 'identity';
-  readonly label = 'Identity';
+  readonly kind = 'credential';
+  readonly label = 'Credential';
   readonly primitiveSchema = CredentialSchema;
 
-  protected override readonly article: string = 'an';
+  protected override readonly article: string = 'a';
 
   async add(options: AddCredentialOptions): Promise<AddResult<{ credentialName: string }>> {
     try {
@@ -250,9 +250,9 @@ export class CredentialPrimitive extends BasePrimitive<AddCredentialOptions, Rem
   }
 
   registerCommands(addCmd: Command, removeCmd: Command): void {
-    addCmd
-      .command('identity')
-      .description('Add an identity (credential) to the project')
+    const credentialCmd = addCmd
+      .command('credential')
+      .description('Add a credential to the project')
       .option('--name <name>', 'Credential name [non-interactive]')
       .option('--api-key <key>', 'The API key value [non-interactive]')
       .option('--json', 'Output as JSON [non-interactive]')
@@ -289,7 +289,7 @@ export class CredentialPrimitive extends BasePrimitive<AddCredentialOptions, Rem
               cliOptions.scopes
             ) {
               // CLI mode
-              const validation = validateAddIdentityOptions({
+              const validation = validateAddCredentialOptions({
                 name: cliOptions.name,
                 type: cliOptions.type as 'api-key' | 'oauth' | undefined,
                 apiKey: cliOptions.apiKey,
@@ -366,6 +366,9 @@ export class CredentialPrimitive extends BasePrimitive<AddCredentialOptions, Rem
         }
       );
 
+    // Backward-compat alias: `agentcore add identity` → `agentcore add credential`
+    credentialCmd.alias('identity');
+
     this.registerRemoveSubcommand(removeCmd);
   }
 
diff --git a/src/cli/tui/copy.ts b/src/cli/tui/copy.ts
index a3541544e..d6ba1bd71 100644
--- a/src/cli/tui/copy.ts
+++ b/src/cli/tui/copy.ts
@@ -29,7 +29,7 @@ export const COMMAND_DESCRIPTIONS = {
   /** Main program description */
   program: 'Build and deploy Agentic AI applications on AgentCore',
   /** Command descriptions */
-  add: 'Add resources (agent, evaluator, online-eval, memory, identity, target)',
+  add: 'Add resources (agent, evaluator, online-eval, memory, credential, target)',
   create: 'Create a new AgentCore project',
   deploy: 'Deploy project infrastructure to AWS via CDK.',
   dev: 'Launch local development server with hot-reload.',
diff --git a/src/cli/tui/hooks/useRemove.ts b/src/cli/tui/hooks/useRemove.ts
index e7a7aa73c..ad97362ac 100644
--- a/src/cli/tui/hooks/useRemove.ts
+++ b/src/cli/tui/hooks/useRemove.ts
@@ -284,7 +284,7 @@ export function useRemoveMemory() {
 export function useRemoveIdentity() {
   return useRemoveResource(
     (name: string) => credentialPrimitive.remove(name),
-    'identity',
+    'credential',
     name => name
   );
 }
diff --git a/src/cli/tui/screens/add/AddFlow.tsx b/src/cli/tui/screens/add/AddFlow.tsx
index dda50f3cc..85da20b00 100644
--- a/src/cli/tui/screens/add/AddFlow.tsx
+++ b/src/cli/tui/screens/add/AddFlow.tsx
@@ -189,7 +189,7 @@ export function AddFlow(props: AddFlowProps) {
       case 'memory':
         setFlow({ name: 'memory-wizard' });
         break;
-      case 'identity':
+      case 'credential':
         setFlow({ name: 'identity-wizard' });
         break;
       case 'evaluator':
diff --git a/src/cli/tui/screens/add/AddScreen.tsx b/src/cli/tui/screens/add/AddScreen.tsx
index 4fdf37061..d8241f8c5 100644
--- a/src/cli/tui/screens/add/AddScreen.tsx
+++ b/src/cli/tui/screens/add/AddScreen.tsx
@@ -4,7 +4,7 @@ import { SelectScreen } from '../../components';
 const ADD_RESOURCES = [
   { id: 'agent', title: 'Agent', description: 'Deploy an HTTP, MCP, or A2A agent' },
   { id: 'memory', title: 'Memory', description: 'Persistent context storage' },
-  { id: 'identity', title: 'Identity', description: 'API key credential providers' },
+  { id: 'credential', title: 'Credential', description: 'API key credential providers' },
   { id: 'evaluator', title: 'Evaluator', description: 'Custom LLM-as-a-Judge evaluator' },
   { id: 'online-eval', title: 'Online Eval Config', description: 'Continuous evaluation pipeline' },
   { id: 'gateway', title: 'Gateway', description: 'Route and manage gateway targets' },
diff --git a/src/cli/tui/screens/remove/RemoveFlow.tsx b/src/cli/tui/screens/remove/RemoveFlow.tsx
index 63d98583a..f4f85acd2 100644
--- a/src/cli/tui/screens/remove/RemoveFlow.tsx
+++ b/src/cli/tui/screens/remove/RemoveFlow.tsx
@@ -86,7 +86,7 @@ interface RemoveFlowProps {
     | 'gateway'
     | 'gateway-target'
     | 'memory'
-    | 'identity'
+    | 'credential'
     | 'evaluator'
     | 'online-eval'
     | 'policy-engine'
@@ -114,7 +114,7 @@ export function RemoveFlow({
         return { name: 'select-gateway-target' };
       case 'memory':
         return { name: 'select-memory' };
-      case 'identity':
+      case 'credential':
         return { name: 'select-identity' };
       case 'evaluator':
         return { name: 'select-evaluator' };
@@ -239,7 +239,7 @@ export function RemoveFlow({
       case 'memory':
         setFlow({ name: 'select-memory' });
         break;
-      case 'identity':
+      case 'credential':
         setFlow({ name: 'select-identity' });
         break;
       case 'evaluator':
@@ -485,7 +485,7 @@ export function RemoveFlow({
         case 'memory':
           void handleSelectMemory(initialResourceName);
           break;
-        case 'identity':
+        case 'credential':
           void handleSelectIdentity(initialResourceName);
           break;
         case 'evaluator':
@@ -722,7 +722,7 @@ export function RemoveFlow({
         gatewayCount={gateways.length}
         mcpToolCount={mcpTools.length}
         memoryCount={memories.length}
-        identityCount={identities.length}
+        credentialCount={identities.length}
         evaluatorCount={evaluators.length}
         onlineEvalCount={onlineEvalConfigs.length}
         policyEngineCount={policyEngines.length}
@@ -1030,8 +1030,8 @@ export function RemoveFlow({
     return (
       <RemoveSuccessScreen
         isInteractive={isInteractive}
-        message={`Removed identity: ${flow.identityName}`}
-        detail="Identity provider removed from agentcore.json. Deploy with `agentcore deploy` to apply changes."
+        message={`Removed credential: ${flow.identityName}`}
+        detail="Credential removed from agentcore.json. Deploy with `agentcore deploy` to apply changes."
         logFilePath={flow.logFilePath}
         onRemoveAnother={() => {
           resetAll();
diff --git a/src/cli/tui/screens/remove/RemoveScreen.tsx b/src/cli/tui/screens/remove/RemoveScreen.tsx
index 02f64766b..f562b0ff6 100644
--- a/src/cli/tui/screens/remove/RemoveScreen.tsx
+++ b/src/cli/tui/screens/remove/RemoveScreen.tsx
@@ -5,7 +5,7 @@ import { useMemo } from 'react';
 const REMOVE_RESOURCES = [
   { id: 'agent', title: 'Agent', description: 'Remove an agent from the project' },
   { id: 'memory', title: 'Memory', description: 'Remove a memory provider' },
-  { id: 'identity', title: 'Identity', description: 'Remove an identity provider' },
+  { id: 'credential', title: 'Credential', description: 'Remove a credential' },
   { id: 'evaluator', title: 'Evaluator', description: 'Remove a custom evaluator' },
   { id: 'online-eval', title: 'Online Eval Config', description: 'Remove an online eval config' },
   { id: 'policy-engine', title: 'Policy Engine', description: 'Remove a policy engine' },
@@ -28,8 +28,8 @@ interface RemoveScreenProps {
   mcpToolCount: number;
   /** Number of memories available for removal */
   memoryCount: number;
-  /** Number of identities available for removal */
-  identityCount: number;
+  /** Number of credentials available for removal */
+  credentialCount: number;
   /** Number of evaluators available for removal */
   evaluatorCount: number;
   /** Number of online eval configs available for removal */
@@ -47,7 +47,7 @@ export function RemoveScreen({
   gatewayCount,
   mcpToolCount,
   memoryCount,
-  identityCount,
+  credentialCount,
   evaluatorCount,
   onlineEvalCount,
   policyEngineCount,
@@ -83,10 +83,10 @@ export function RemoveScreen({
             description = 'No memories to remove';
           }
           break;
-        case 'identity':
-          if (identityCount === 0) {
+        case 'credential':
+          if (credentialCount === 0) {
             disabled = true;
-            description = 'No identities to remove';
+            description = 'No credentials to remove';
           }
           break;
         case 'evaluator':
@@ -125,7 +125,7 @@ export function RemoveScreen({
     gatewayCount,
     mcpToolCount,
     memoryCount,
-    identityCount,
+    credentialCount,
     evaluatorCount,
     onlineEvalCount,
     policyEngineCount,
diff --git a/src/cli/tui/screens/remove/__tests__/RemoveScreen.test.tsx b/src/cli/tui/screens/remove/__tests__/RemoveScreen.test.tsx
index c926e67c0..92087fc66 100644
--- a/src/cli/tui/screens/remove/__tests__/RemoveScreen.test.tsx
+++ b/src/cli/tui/screens/remove/__tests__/RemoveScreen.test.tsx
@@ -16,7 +16,7 @@ describe('RemoveScreen', () => {
         gatewayCount={1}
         mcpToolCount={1}
         memoryCount={1}
-        identityCount={1}
+        credentialCount={1}
         evaluatorCount={1}
         onlineEvalCount={1}
         policyEngineCount={1}
@@ -46,7 +46,7 @@ describe('RemoveScreen', () => {
         gatewayCount={0}
         mcpToolCount={0}
         memoryCount={0}
-        identityCount={0}
+        credentialCount={0}
         evaluatorCount={0}
         onlineEvalCount={0}
         policyEngineCount={0}