Organizational Secrets
Store and manage sensitive information securely at the organization level.
What are Organizational Secrets?
Organizational Secrets are sensitive data stored securely at the organization level, such as:
- API keys and tokens
- Database passwords
- Third-party service credentials
- Configuration values
- License keys
Accessing Organizational Secrets
Steps
- Click Organizations in the main navigation
- Click the Organizational Secrets tab
- You'll see all secrets for the current organization
Create a Secret
Steps
- Go to the Organizational Secrets tab
- Click Add Secret
- Enter the secret details:
  - Name: Unique identifier for the secret
  - Value: The sensitive data
  - Description: Optional details about the secret
- Click Create
Naming Best Practices
Use clear, descriptive names:
- ✓ DATABASE_PASSWORD_PROD
- ✓ STRIPE_API_KEY_LIVE
- ✓ SLACK_WEBHOOK_URL
- ✗ secret123
- ✗ password
- ✗ key
View Secrets
The secrets list shows:
- Secret Name - The identifier you gave it
- Last Updated - When it was last modified
- Created By - Who created the secret
- Status - Whether it's active
Values are hidden by default for security. Click the eye icon to reveal a secret value.
Update a Secret
Steps
- Find the secret in the list
- Click Edit or the pencil icon
- Update the value and/or description
- Click Save
The secret is immediately updated and available to use.
Delete a Secret
Steps
- Find the secret in the list
- Click Delete or the trash icon
- Confirm the deletion
⚠️ Warning: Deleted secrets cannot be recovered. Make sure you're deleting the correct secret.
Use Secrets in Applications
Once created, use secrets in your applications by referencing their names:
$DATABASE_PASSWORD_PROD
$STRIPE_API_KEY_LIVE
$SLACK_WEBHOOK_URL
The system automatically injects the secret values at runtime.
Secret Visibility
Secrets are:
- ✓ Visible to organization members with appropriate roles
- ✓ Hidden from viewers (unless explicitly configured)
- ✓ Encrypted in storage
- ✓ Never displayed in logs
Security Practices
✓ Use strong values - Generate secure random values for passwords and keys
✓ Regular rotation - Update secrets periodically
✓ Limited access - Only give access to people who need it
✓ Document secrets - Keep track of what each secret is for
✓ Audit usage - Monitor who accesses which secrets
✓ Delete unused - Remove secrets that are no longer needed
Secret Management Best Practices
Organization-Level Secrets
Use for:
- Shared credentials
- Database connections
- Third-party service keys
- Configuration that applies to multiple applications
Application-Level Secrets
Use for:
- Application-specific configuration
- Feature flags
- Debug settings
Environment-Specific Secrets
Maintain separate secrets for:
- Development
- Staging
- Production
Use a naming convention to identify the environment:
API_KEY_DEV
API_KEY_STAGING
API_KEY_PROD
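The naming guidance under Naming Best Practices and the environment suffixes above can be checked before secrets are created. The following is an added example, not code from this product: the lint rules, the function names and the assumption that every environment-specific secret needs all three suffixes are illustrative choices.

```python
import re
import secrets

# Suffixes taken from the page's examples; treating them as the complete
# required set is an assumption of this example.
ENVIRONMENTS = ("DEV", "STAGING", "PROD")


def lint_name(name):
    """Return the problems with a proposed secret name (empty list = OK)."""
    problems = []
    words = name.split("_")
    if not all(re.fullmatch(r"[A-Z0-9]+", w) for w in words):
        problems.append("use upper-case letters and digits joined by single underscores")
    if len(words) < 2:
        problems.append("add context: one word does not say what the secret is for")
    return problems


def missing_environments(names):
    """Map each base name to the environments that have no secret yet.

    Only names ending in a known environment suffix are considered, so
    shared secrets such as SLACK_WEBHOOK_URL are ignored.
    """
    seen = {}
    for name in names:
        base, _, suffix = name.rpartition("_")
        if base and suffix in ENVIRONMENTS:
            seen.setdefault(base, set()).add(suffix)
    return {base: [e for e in ENVIRONMENTS if e not in envs]
            for base, envs in seen.items() if len(envs) < len(ENVIRONMENTS)}


def new_secret_value(nbytes=32):
    """Generate a value from the OS CSPRNG (32 bytes = 256 bits of entropy)."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    # Constructed inventory built from names that appear on this page.
    inventory = ["API_KEY_DEV", "API_KEY_STAGING", "DATABASE_PASSWORD_PROD",
                 "SLACK_WEBHOOK_URL", "secret123", "password", "key"]
    for name in inventory:
        print(name, lint_name(name) or "ok")
    print("missing:", missing_environments(inventory))
    print("generated value length:", len(new_secret_value()))
```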
Troubleshooting
Secret value is showing as empty?
- Refresh the page
- Verify the secret was created successfully
- Check if you have permission to view secrets
Can't create a secret?
- Verify you have the correct role (Admin or Member)
- Check that the secret name is unique
- Make sure the value isn't empty
Forgot the secret value?
- If you remember the name, you can view it by clicking the eye icon
- If you forgot the value completely, you'll need to update it with the correct value
- There's no way to recover a forgotten secret value
Need to share a secret with a team member?
- Add them to the organization with appropriate role
- They'll have access to all organization secrets
- Alternatively, ask an admin to share specific secrets
Security Considerations
🔐 Encryption: All secrets are encrypted in storage
🔐 Access Control: Only organization members can access secrets
🔐 Audit Trail: Access to secrets is logged
🔐 No Backups: Deleted secrets cannot be recovered
Common Secrets to Store
Database Credentials:
DB_HOST
DB_USER
DB_PASSWORD
DB_PORT
API Keys:
STRIPE_API_KEY
GITHUB_TOKEN
AWS_ACCESS_KEY
AWS_SECRET_KEY
Service URLs:
SMTP_SERVER
REDIS_URL
ELASTICSEARCH_URL