Secrets Vault

The Secrets Vault lets you store sensitive credentials — API keys, tokens, passwords — securely within your project. Secrets are encrypted at rest and never exposed in API responses. Use them in agent tools and instructions via placeholders that are resolved at execution time.

Managing Secrets

Navigate to Secrets in the sidebar to view and manage your project's secrets.

Creating a Secret

1. Click Create Secret
2. Fill in the fields:
   • Name: An identifier using uppercase letters, digits, and underscores (e.g., OPENAI_API_KEY, MY_TOKEN). Must match the pattern ^[A-Z_][A-Z0-9_]*$.
   • Value: The sensitive credential. After saving, the value is encrypted and cannot be viewed again — only a hint (first 4 and last 4 characters) is shown.
   • Description (optional): A human-readable note to help identify the secret's purpose.
3. Click Save

Editing a Secret

You can update a secret's value and description at any time. The name cannot be changed — delete and recreate the secret if you need a different name.

Deleting a Secret

Deleting a secret is irreversible. Before deleting, verify that no agent tools or instructions reference the secret's placeholder.

Cloning Secrets

To copy a secret to another project:

1. Click the actions menu (⋮) on the secret row
2. Select Clone
3. Choose the target project
4. Click Confirm

The secret is duplicated with the same name and value in the target project.

Using Secrets in Agents

In API Integration Tools

When configuring an API tool's headers, use the placeholder to reference a secret:

Authorization: Bearer {{MY_API_TOKEN}}
X-Custom-Header: {{SERVICE_KEY}}

The placeholder is resolved to the actual secret value at the moment the tool executes. The raw value is never stored in the tool configuration.

In Agent Instructions

You can also use placeholders in agent instructions. The secret is resolved before the instructions are sent to the LLM.

WARNING

Secrets in instructions are resolved before being sent to the model. Ensure you only reference secrets that are safe for the LLM to see in the instruction context.

Permissions

Permission	What it allows
secrets:read	View the list of secrets (name, hint, description)
secrets:manage	Create, edit, delete, and clone secrets

Project Scope

Secrets belong to a specific project and are not shared between projects. Use the Clone feature to duplicate secrets across projects when needed.

TIP

When duplicating a project setup, clone your secrets first to ensure agent tools have access to the same credentials in the new project.