Secrets — storing credentials securely

Secrets store the API keys and credentials some agent tools need — encrypted, hidden from view, and never shown back to you or included in the agent's replies.

Last updated July 14, 2026

Some tools need a credential to work — an API key for an outside service, a token, or a login value. Secrets are where you store those safely for an agent to use. They're encrypted, kept out of sight, and never revealed back to you or included in anything the agent writes.

When you need a secret

Most of the time you won't. Praxivara's built-in integrations — Gmail, Slack, Salesforce, and the rest — handle their own secure connection when you connect them in a click, so there's nothing to store yourself.

You'll reach for a secret when an agent talks to a service that isn't a built-in integration and needs a key you were given by that service.

Adding a secret

Open the agent's Secrets tab

Find it alongside Tools, Skills, and Knowledge in the agent's configuration.

Add a name and value

Give the secret a clear name so a skill can refer to it, and paste in the value. Once saved, the value is hidden.

Reference it where needed

The agent uses the stored value when a tool or skill calls for it — without ever exposing it.

Keep credentials out of chat. Never paste a password or API key into a normal message or a skill's text. Store it as a secret so it stays encrypted and hidden.

How secrets stay safe

  • Encrypted at rest — values are stored securely, not in plain text.
  • Write-only — once saved, a secret's value isn't shown back to you. To change it, you overwrite it.
  • Never leaked — the agent uses secrets to do its job but won't repeat them in its replies or outputs.
Tip. Rotate a secret whenever you'd rotate the underlying key — after a team change, or on your usual security schedule. Just overwrite the stored value.

Next steps

Was this page helpful?