Workspace → Secrets holds encrypted credentials referenced by tools as {{ secret.API_KEY }} style placeholders. Values are never shown again after creation — only names and prefixes.
Using secrets in tools
- Create a secret with a memorable name (e.g. STRIPE_API_KEY).
- In a tool definition, reference it in headers or body templates.
- At runtime the engine resolves the secret from the vault — not from the flow JSON.
Revoke
Revoking a secret immediately breaks tools that depend on it. Create a replacement secret and update tool configs before revoking the old one.