Secrets

Encrypted values available in workflows as {{ secrets.NAME }}.

Managing secrets

UI: Settings → Secrets

API:

# Create/update
curl -X PUT http://localhost:4000/api/secrets/STRIPE_KEY \
  -H "Dispatched-Session: $TOKEN" \
  -d '{"value": "sk_test_..."}'

# List names
curl http://localhost:4000/api/secrets \
  -H "Dispatched-Session: $TOKEN"

# Delete
curl -X DELETE http://localhost:4000/api/secrets/STRIPE_KEY \
  -H "Dispatched-Session: $TOKEN"

Rules

• Names must be UPPER_SNAKE_CASE
• Values are write-only — cannot be retrieved after creation
• Encrypted with tenant’s wrapping key (AES-256-GCM)
• authorization and x-api-key headers are redacted from events
• Resolved at execution time, never stored in definitions