Organizational Secrets Management: API Keys & Credentials | Nife Docs
Store and manage sensitive information securely at the organization level.
What are Organizational Secrets?#
Organizational Secrets are sensitive data stored securely at the organization level, such as:
- API keys and tokens
- Database passwords
- Third-party service credentials
- Configuration values
- License keys
Accessing Organizational Secrets#
Steps#
- Click Organizations in the main navigation
- Click the Organizational Secrets tab
- You'll see all secrets for the current organization
Create a Secret#
Steps#
- Go to the Organizational Secrets tab
- Click Add Secret
- Enter the secret details:
- Name: Unique identifier for the secret
- Value: The sensitive data
- Description: Optional details about the secret
- Click Create
Naming Best Practices#
Use clear, descriptive names:
- โ
DATABASE_PASSWORD_PROD - โ
STRIPE_API_KEY_LIVE - โ
SLACK_WEBHOOK_URL - โ
secret123 - โ
password - โ
key
View Secrets#
The secrets list shows:
- Secret Name - The identifier you gave it
- Last Updated - When it was last modified
- Created By - Who created the secret
- Status - Whether it's active
Values are hidden by default for security. Click the eye icon to reveal a secret value.
Update a Secret#
Steps#
- Find the secret in the list
- Click Edit or the pencil icon
- Update the value and/or description
- Click Save
The secret is immediately updated and available to use.
Delete a Secret#
Steps#
- Find the secret in the list
- Click Delete or the trash icon
- Confirm the deletion
โ ๏ธ Warning: Deleted secrets cannot be recovered. Make sure you're deleting the correct secret.
Use Secrets in Applications#
Once created, use secrets in your applications by referencing their names:
The system automatically injects the secret values at runtime.
Secret Visibility#
Secrets are:
- โ Visible to organization members with appropriate roles
- โ Hidden from viewers (unless explicitly configured)
- โ Encrypted in storage
- โ Never displayed in logs
Security Practices#
โ Use strong values - Generate secure random values for passwords and keys
โ Regular rotation - Update secrets periodically
โ Limited access - Only give access to people who need it
โ Document secrets - Keep track of what each secret is for
โ Audit usage - Monitor who accesses which secrets
โ Delete unused - Remove secrets that are no longer needed
Secret Management Best Practices#
Organization-Level Secrets#
Use for:
- Shared credentials
- Database connections
- Third-party service keys
- Configuration that applies to multiple applications
Application-Level Secrets#
Use for:
- Application-specific configuration
- Feature flags
- Debug settings
Environment-Specific Secrets#
Maintain separate secrets for:
- Development
- Staging
- Production
Use naming convention to identify:
API_KEY_DEVAPI_KEY_STAGINGAPI_KEY_PROD
Troubleshooting#
Secret value is showing as empty?#
- Refresh the page
- Verify the secret was created successfully
- Check if you have permission to view secrets
Can't create a secret?#
- Verify you have the correct role (Admin or Member)
- Check that the secret name is unique
- Make sure the value isn't empty
Forgot the secret value?#
- If you remember the name, you can view it by clicking the eye icon
- If you forgot the value completely, you'll need to update it with the correct value
- There's no way to recover a forgotten secret value
Need to share a secret with a team member?#
- Add them to the organization with appropriate role
- They'll have access to all organization secrets
- Alternatively, ask an admin to share specific secrets
Security Considerations#
๐ Encryption: All secrets are encrypted in storage
๐ Access Control: Only organization members can access
๐ Audit Trail: Access to secrets is logged
๐ No Backups: Deleted secrets cannot be recovered
Common Secrets to Store#
Database Credentials:
DB_HOSTDB_USERDB_PASSWORDDB_PORT
API Keys:
STRIPE_API_KEYGITHUB_TOKENAWS_ACCESS_KEYAWS_SECRET_KEY
Service URLs:
SMTP_SERVERREDIS_URLELASTICSEARCH_URL