Secrets are key-value pairs that store sensitive data like API keys, tokens, and passwords. Instead of hardcoding values into your workflows, you store them as secrets and reference them by name at runtime.
Managing Secrets
To manage secrets, open your workspace Settings and navigate to the Secrets tab.
Secrets are organized into two sections:
- Workspace — shared with all members of your workspace
- Personal — private to you
External workspace members count as workspace members for workspace-scoped secrets. They can use workspace secrets according to their workspace permission level, even though they are not members of your organization.
Adding a Secret
Type a key name (e.g. OPENAI_API_KEY) into the Key column and its value into the Value column in the last empty row. A new empty row appears automatically as you type. Existing values are masked by default.
When you're done, click Save to persist all changes.
Keys must use only letters, numbers, and underscores — no spaces or special characters.
Bulk Import
You can populate multiple secrets at once by pasting .env-style content into any key or value field. The parser supports standard KEY=VALUE pairs, export KEY=VALUE, quoted values, and inline comments.
Editing and Deleting
Click directly into any key or value cell to edit it. To delete a secret, click the trash icon on its row and save.
Using Secrets in Workflows
To reference a secret in any input field, type {{ to open the variable dropdown. Your available secrets are listed grouped by scope (workspace, then personal).
Select the secret you want to use. The reference appears highlighted in blue and is resolved to its actual value at runtime.
Secret values are never exposed in the workflow editor or execution logs — they are only resolved during execution.
Secret Details
Click Details on any secret row to open its detail view.
From here you can:
- Edit the Display Name and Description
- Manage Members — invite teammates by email and assign them an Admin or Member role
Click Save to apply changes, or Back to return to the list.
Workspace vs. Personal
| | Workspace | Personal |
|---|---|---|
| Visibility | All workspace members, including external workspace members | Only you |
| Use in workflows | Any member can use | Only you can use |
| Best for | Production workflows, shared services | Testing, personal API keys |
| Who can edit | Workspace admins | Only you |
When a workspace secret and a personal secret share the same key name, the workspace secret takes precedence.
Resolution Order
When a workflow runs, secrets resolve in this order:
- Workspace secrets are checked first
- Personal secrets are used as a fallback — from the user who triggered the run (manual) or the workflow owner (automated runs via API, webhook, or schedule)
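The resolution order above, together with the precedence rule for duplicate key names, sketched as an added example (not the product's own code). The function names, trigger labels, user names and the strict {{KEY}} pattern are assumptions, and all values are constructed placeholders.

```python
import re

# Assumption: a reference is {{KEY}} with no inner whitespace; KEY follows the
# page's naming rule (letters, numbers, underscores).
REF = re.compile(r"\{\{([A-Za-z0-9_]+)\}\}")
AUTOMATED = {"api", "webhook", "schedule"}

def fallback_user(trigger, triggered_by, owner):
    """Whose personal secrets are the fallback for this run."""
    if trigger == "manual":
        return triggered_by
    if trigger in AUTOMATED:
        return owner
    raise ValueError(f"unknown trigger type: {trigger!r}")

def resolve(key, workspace, personal, trigger, triggered_by, owner):
    """Return (value, source): workspace first, then personal fallback."""
    if key in workspace:
        return workspace[key], "workspace"
    user = fallback_user(trigger, triggered_by, owner)
    if key in personal.get(user, {}):
        return personal[user][key], f"personal:{user}"
    raise KeyError(f"unresolved secret reference: {key}")

def render(field, **run):
    """Replace each {{KEY}} in an input field; report where each value came from."""
    sources = {}
    def substitute(match):
        value, sources[match.group(1)] = resolve(match.group(1), **run)
        return value
    return REF.sub(substitute, field), sources

def shadowed(workspace, personal):
    """Personal keys that never resolve because a workspace key has the same name."""
    return {user: sorted(set(keys) & set(workspace))
            for user, keys in personal.items() if set(keys) & set(workspace)}

# Constructed sample data (values are placeholders, not real credentials).
WORKSPACE = {"STRIPE_SECRET_KEY": "ws-stripe-placeholder"}
PERSONAL = {
    "alice": {"STRIPE_SECRET_KEY": "alice-test-placeholder",
              "OPENAI_API_KEY": "alice-openai-placeholder"},
    "bob": {"OPENAI_API_KEY": "bob-openai-placeholder"},
}

if __name__ == "__main__":
    run = dict(workspace=WORKSPACE, personal=PERSONAL, owner="bob")
    print(render("Bearer {{OPENAI_API_KEY}}", trigger="manual", triggered_by="alice", **run))
    print(render("Bearer {{OPENAI_API_KEY}}", trigger="webhook", triggered_by=None, **run))
    print(shadowed(WORKSPACE, PERSONAL))
```

The same reference resolves to a different person's credential depending on how the run was triggered, and a personal key that duplicates a workspace key is never reached.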
Best Practices
- Use workspace secrets for production so workflows work regardless of who triggers them
- Use personal secrets for development to keep test keys separate
- Name keys descriptively — STRIPE_SECRET_KEY over KEY1
- Never hardcode secrets in workflow input fields — always use {{KEY}} references