Secrets Management
Securely store and inject credentials at runtime
What is the Vault?
The Vault is ViksaAI's secure secrets management system. Store API keys, database credentials, and other sensitive data that your agents need at runtime. Secrets are encrypted and never exposed in logs or UI.
Security Features
Encrypted at Rest
Secrets are encrypted using AES-256 before storage
Never Logged
Secret values are never written to logs or outputs
Masked in UI
Values are never displayed in the user interface
Organization Scoped
Secrets are isolated per organization
Creating Secrets
- 1
Navigate to Vault
From the sidebar, click on Vault
- 2
Click "Create Secret"
Opens the secret creation dialog
- 3
Enter Details
Provide name, value, and optional description
- 4
Save
Secret is stored securely
Using Secrets in Agents
Secrets are injected as environment variables when your agent executes:
import os
def call_external_api():
# Secret is injected as environment variable
api_key = os.environ.get("MY_API_KEY")
if not api_key:
raise ValueError("MY_API_KEY not configured")
# Use the API key
headers = {"Authorization": f"Bearer {api_key}"}
response = requests.get("https://api.example.com", headers=headers)
return response.json()Referencing Secrets in Agent Config
In your agent configuration, specify which secrets to inject:
| Field | Description |
|---|---|
| Secret Name | The name of the secret in your Vault |
| Environment Variable | The env var name your code expects |
Best Practices
- Use descriptive names (e.g., SLACK_BOT_TOKEN not TOKEN1)
- Rotate secrets regularly
- Use service accounts instead of personal API keys
- Delete unused secrets
- Never print secret values in agent code