# Secrets Manager

The Secrets Manager provides **secure storage** for sensitive values your project needs: API keys, tokens, database credentials, and configuration secrets that should not be hardcoded in your application.

<div data-with-frame="true"><figure><img src="https://708770081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1ICwJbq7EJdn5kBgXnQu%2Fuploads%2FBqJ2apuELDFGTqhYKqvH%2Fimage.png?alt=media&#x26;token=13c5d1d5-dd17-45ab-b0fb-102e19cebcc6" alt=""><figcaption></figcaption></figure></div>

### Why Secrets Manager Matters

Hardcoding credentials in application code creates security vulnerabilities and operational friction. Every key rotation requires a code change, secrets leak into version control, and access becomes impossible to audit. The Secrets Manager **centralizes credential storage** with **proper security controls**, separating sensitive configuration from your codebase.

With Secrets Manager, you can:

* **Store credentials encrypted** at rest with project-level isolation
* Reference secrets in workflows and pipelines **without exposing values** in code
* **Rotate credentials** without redeploying your application
* Restrict access to users with **appropriate permissions**

***

### Secret Structure

Each secret consists of a **name** and one or more **key-value pairs**. This structure allows grouping related credentials under a single identifier. For example, a secret named `database-config` might contain keys for `host`, `port`, `username`, and `password`.

{% hint style="warning" %}
Secret Values are hidden by default. Once saved, you cannot view them in plain text again, you can only delete or replace them.
{% endhint %}

***

### Using Secrets Manager

{% tabs %}
{% tab title="Via InteractiveAI Platform" %}
To create a secret using the Platform:

1. Navigate to Connect > Secrets Manager in the sidebar
2. Click + Add Secret
3. Enter a name and one or more key-value pairs
4. Click Save

<div data-with-frame="true"><figure><img src="https://708770081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1ICwJbq7EJdn5kBgXnQu%2Fuploads%2Fy8NpgiAX8d7xYSDXI9Sw%2FClipboard-20260311-124408-328.gif?alt=media&#x26;token=8dce3a6a-5dcf-4ec1-83f8-6c8b424a1d59" alt=""><figcaption></figcaption></figure></div>
{% endtab %}

{% tab title="Via InteractiveAI SDK" %}
Secrets are accessed through the async `platform.secrets` API:

```python
import asyncio
from interactiveai import Interactive

interactiveai = Interactive()

async def main():
    # List all secrets
    secrets = await interactiveai.platform.secrets.list()
    for s in secrets:
        print(f"{s.name} (keys: {s.keys})")

    # Get a specific secret by name
    secret = await interactiveai.platform.secrets.get("payment-service")
    payment_api_key = secret.data["api_key"]

    # Create a new secret
    await interactiveai.platform.secrets.create("my-secret", {"api_key": "sk-..."})

    # Update an existing secret
    await interactiveai.platform.secrets.update("my-secret", {"api_key": "sk-new-..."})

    # Delete a secret
    await interactiveai.platform.secrets.delete("my-secret")

asyncio.run(main())
```

All `platform.secrets` methods are async. Use `await` when calling them, or wrap them in `asyncio.run()` for synchronous scripts.
{% endtab %}
{% endtabs %}