Skip to main content
Each secret has its own access list that controls which agents can retrieve it at runtime. An agent without access will fail if its function attempts to call conv.utils.get_secret() for that secret.

Managing access

1

Open the secret

From the workspace homepage, click the Secrets tab in the top bar, then click the secret you want to configure.
2

Edit agent access

Scroll to the Agent access section. You will see a list of all agents in your account.
3

Select agents

Check the box next to each agent that should be able to retrieve this secret. Uncheck any agents that no longer need access.
4

Save

Click Save to apply your changes. Access updates take effect immediately.

Principle of least privilege

Grant access only to agents that require a specific secret for their functions. For example, if only your booking agent calls the reservations API, only that agent should have access to the reservations_api_key secret.
When rotating credentials, update the secret value first, then test the affected agents before revoking old credentials in the external service.
Last modified on March 24, 2026