Site Secrets
Securely store and manage sensitive configuration values like API keys, credentials, and connection strings.
Overview
Site Secrets provides a secure way to store sensitive information that your applications need at runtime. Secrets are encrypted at rest and can be accessed by your functions and services without exposing them in code.
Concepts
Secret
A secret is a key-value pair containing sensitive data such as API keys, database credentials, or third-party service tokens. Secrets are encrypted and securely stored.
Secret Type
A template that defines the structure of a secret. Secret types specify what fields a secret should contain and their validation rules.
Secret Scope
Secrets can be scoped to the site level (available to all apps) or app level (available only to a specific app).
View Secrets
- Navigate to your Site in the Dashboard.
- Click the Secrets tab.
- View the list of all site-level secrets.
Create a Secret
- Navigate to your Site in the Dashboard.
- Click the Secrets tab.
- Click Create Secret.
- Fill in the secret details:
- Name: A descriptive name for the secret
- Type: Select a secret type (if configured)
- Value: The secret value (encrypted on save)
- Click Create.
Use descriptive names that indicate what the secret is for, such as stripe_api_key or database_password.
View Secret Details
- Navigate to the Secrets tab.
- Click on a secret to view its details.
- The secret value is hidden by default for security.
- Click the Show button to reveal the value temporarily.
Be careful when revealing secret values, especially when screen sharing or in public spaces.
Update a Secret
- Navigate to the Secrets tab.
- Click the Edit icon on the secret you want to update.
- Update the secret value.
- Click Save.
Updating a secret value may require restarting services that use it.
Delete a Secret
- Navigate to the Secrets tab.
- Click the Delete (trash) icon on the secret.
- Confirm deletion in the dialog.
Deleting a secret may break applications that depend on it. Ensure no services are using the secret before deletion.
Secret Types
Secret types define the structure and validation for secrets.
View Secret Types
- Navigate to Site Settings.
- Click Secret Types in the sidebar.
- View all configured secret types.
Create a Secret Type
- Navigate to Site Settings > Secret Types.
- Click Create Secret Type.
- Configure the type:
- Name: Display name for the type
- Key: Unique identifier
- Schema: JSON schema defining required fields
- Click Create.
Using Secrets in Functions
Secrets can be accessed in your serverless functions at runtime:
- Secrets are injected as environment variables
- Access them using standard environment variable methods
- Never log or expose secret values in your code
Configuration
Secret Fields
| Field | Description | Required |
|---|---|---|
| Name | Descriptive name for the secret | Yes |
| Type | Secret type template | No |
| Value | The encrypted secret value | Yes |
| Description | Optional notes about the secret | No |
Best Practices
- Use descriptive names: Make it clear what each secret is for
- Rotate regularly: Update secrets periodically for security
- Limit access: Only give access to users who need it
- Don't hardcode: Always use secrets instead of hardcoding values
- Audit usage: Monitor which services use which secrets
Limits
| Resource | Limit |
|---|---|
| Secrets per site | 100 |
| Secret name length | 256 characters |
| Secret value size | 64 KB |
Need higher limits? Contact support to discuss your requirements.
Troubleshooting
Secret not available in function
Problem: A function cannot access a secret at runtime.
Solution:
- Verify the secret exists and is correctly named.
- Check that the function has access to site-level secrets.
- Redeploy the function after adding new secrets.
Cannot delete secret
Problem: Deletion fails with a dependency error.
Solution:
- Check which services are using the secret.
- Update or remove those dependencies first.
- Then delete the secret.
Related
Last Updated: January 2025