Managing secrets with the Secret Manager lets you securely store and reuse sensitive credentials across your agents. These secrets can be applied in HTTP Request headers and Webhook triggers without exposing raw values.
Creating a Secret
- Open the Agent Builder and open a node's configuration panel where a secret is needed.
- In the secret selector, click + Create new secret or the Create secret icon.
- Enter a Secret name.
- Select the Type from the available options:
- Basic Authentication requires a Username and Password.
- Bearer Token requires a single Token.
- Custom requires a raw Token value.
- Click Create. The secret's value is masked once saved.
Secrets are masked for security and can be revealed only in edit mode using the "Show value" icon.
Using a Secret in an HTTP Request Node
- In the node's Headers section, add a header.
- Set the header Type to Secret.
- Select an existing secret or create a new one using the secret selector.
Using a Secret in a Webhook Trigger
- Open the Webhook trigger's per-vendor signing-secret field.
- Use the secret selector to select or create a Custom secret. Field labels vary by vendor, such as Slack Signing Secret, Monday App Token, and SmartSheet Shared Secret.
For Monday and SmartSheet, leaving the signing-secret field empty skips request authentication.
Editing a Secret
- Open the Edit secret form from the secret selector.
- Change the name or value as needed. The type cannot be changed after creation.
- Click the Show value icon to reveal the current value while editing.
- Save your changes. Leaving the value blank keeps the existing value unchanged.
Deleting a Secret
- Select the Delete secret action in the secret selector.
- If the secret is still used by an agent, remove it from those agents first — the agents referencing it are listed.
- Once the secret is no longer referenced, delete it.
A secret can only be deleted when it is not used by any agent. Secrets are scoped per Oktopost Account and must have a unique name within the account.