Store write-only workspace secrets and inject them into sandboxes through secret references. Secrets are managed under /workspaces/{workspaceId}/secrets.

What The Current API Supports

ActionEndpoint
List secret metadataGET /workspaces/{workspaceId}/secrets
Create secretPOST /workspaces/{workspaceId}/secrets
Get one secret metadata recordGET /workspaces/{workspaceId}/secrets/{secretId}
Update key and/or valuePATCH /workspaces/{workspaceId}/secrets/{secretId}
Delete secretDELETE /workspaces/{workspaceId}/secrets/{secretId}
CreateWorkspaceSecretDto currently accepts:
  • key
  • value
The API never returns the stored secret value after creation.

Using Secrets In Sandboxes

When creating a sandbox, use secretRefs to map a workspace secret into an environment variable: 
{
  "secretRefs": [
    {
      "secretId": "SECRET_ID",
      "envName": "DATABASE_URL"
    }
  ]
}

API Pages