Secrets let you securely store sensitive data like API keys or tokens and use them in your agents without hardcoding values directly into your workflow. This is especially useful when using REST actions to call external services. By using secrets, you can keep credentials safe, reduce duplication across agents, and simplify maintenance if values ever change.

When to Use Secrets

Use a secret whenever you’re working with:
  • API keys (e.g. OpenWeather, Slack, Notion)
  • Authorization tokens
  • Other sensitive config values you don’t want exposed in your agent steps
Secrets Pn

How to Add a Secret

To add a new secret:
  1. Go to the Secrets tab from the profile navigation menu.
  2. Click Add secret
  3. Enter a name (e.g. weather_api_key) and the secret value
  4. Click Save
Once saved, your secret will appear in the list as a masked value. You’ll reference it by name in your agents, not by its raw value.

How to Use a Secret in an Agent

Anywhere you’d normally paste an API key or token in a REST call or prompt, use the secret reference format: 
{{secrets.weather_api_key}}
For example, in your REST action’s header: 
{
  "Authorization": "Bearer {{secrets.weather_api_key}}"
}
Or directly in your request URL or body: 
{
  "url": "https://api.example.com/data?key={{secrets.weather_api_key}}"
}

Best Practices

  • Use clear, descriptive names (e.g. notion_token, slack_webhook)
  • Avoid including the actual key in prompt text or test runs
  • Rotate or update secrets as needed in the Secrets tab without having to update your agents
Questions about configuring secrets and handling sensitive credentials in Agent.ai? Reach out to our support team.