Secrets
Store API keys, tokens, and sensitive values — encrypted, scoped, and never returned over the API
What are secrets?
Secrets are sensitive values — API keys, tokens, passwords — that your agents and connections need but that should never be stored in plain text. Manage them under Settings → Secrets.
Every secret is encrypted at rest in Studio’s credential vault. Once stored, a secret’s value is never returned over the API — Studio can use it, but it can’t be read back out, even by you.
Scopes
Each secret has a scope that controls who can use it:
- Organization — visible to all members of the org. Use this for shared credentials your team’s agents rely on.
- Private — visible only to you. Use this for personal keys you don’t want to share.
Names are case-insensitive within a scope and may contain letters, digits, underscores, dots, and hyphens (for example, STRIPE_API_KEY ).
Creating a secret
- Open Settings → Secrets.
- Click New secret.
- Pick a scope (Organization or Private), give it a name and value, and optionally a description of what it’s for.
- Click Create secret.
The value is written straight to the vault. To rotate a secret, create it again with the same name; to stop using one, delete it.
Secrets are for arbitrary sensitive values. Credentials for a specific connection (OAuth tokens, per-connection keys) are managed where you set up that connection — also encrypted, also never exposed to your team.
Found an error or want to improve this page?
Edit this page