Secrets API
The core endpoints for interacting with your sensitive data.
Secrets Management
List Secrets (Metadata)
GET /projects/{pid}/envs/{eid}/secrets
Returns a list of secrets without their values for performance and security.
Get Secret (Decrypted)
GET /secrets/{sid}
Returns the secret object including the decrypted value. Access is logged to the audit system.
Bulk Pull (SDK/CLI)
GET /envs/{eid}/secrets/values
Primary SDK Endpoint. Returns all secrets for an environment as a flat JSON map. Requires a valid API token.
Create/Update Secret
POST /projects/{pid}/envs/{eid}/secrets
{ "key": "DATABASE_URL", "value": "postgresql://user:pass@host:5432/db", "expires_at": null }
Version History
GET /secrets/{sid}/versions
Returns the metadata for all previous versions. Values are encrypted at rest.
Secret References
You can use references in your values. The API resolves these at read-time.
- Input:
postgresql://${secret:DB_USER}:${secret:DB_PASS}@localhost/db - Output:
postgresql://admin:supersecret@localhost/db
Last updated: 4/20/2026Report Issue