Skip to main content
Developer content — This page requires Python familiarity. If you’re configuring the UI only, you can skip this section. Non-technical operators should share this page with their developer.
Store API keys, tokens, and credentials securely so your agent’s functions can call external services without exposing secrets in code. Without Secrets, credentials end up hardcoded in function code — a security risk that may expose them in logs or version history.
Secrets are managed at the account level, not inside individual agents. Access the Secrets Vault from the Secrets tab in the top bar of the workspace homepage.
Secrets Vault access

Why use secrets

Hardcoding credentials in function code is a security risk. Secrets solve this by:
  • Centralizing credentials — Store once, use across multiple functions.
  • Controlling access — Grant each secret to only the agents that need it.
  • Masking values — Secret values are hidden by default in the UI. They reveal on focus and re-mask when you click away.

How secrets work

  1. You create a secret in the Secrets Vault with a name, optional description, and value.
  2. You grant access to specific agents.
  3. Functions retrieve the secret at runtime using conv.utils.get_secret("secret_name").
api_key = conv.utils.get_secret("stripe_api_key")
response = requests.get(url, headers={"Authorization": f"Bearer {api_key}"})

Storage formats

Secrets can be stored as:
  • Single value — A plain string (e.g., an API key).
  • Key/value pairs — A dictionary of related credentials (e.g., client_id and client_secret).

Next steps

Create a secret

Add a new secret to the Secrets Vault.

Manage access control

Grant secrets to specific agents.

Use in functions

Retrieve secrets at runtime in your code.
Last modified on March 31, 2026