# Secrets

[Secrets](https://app.getcortexapp.com/admin/settings/secrets) are encrypted variables you can store in Cortex for your workspace environment. They can be accessed for use in various Cortex features, such as:

* [Plugin proxies](https://docs.cortex.io/streamline/plugins/creating-plugins/plugin-proxy), to allow secure authenticated access to various third-party APIs.
* [Workflows](https://docs.cortex.io/streamline/workflows), when configuring an HTTP Request action.

Secrets are securely encrypted and stored in Cortex’s database, and the secret values are not accessible via public or private APIs once saved.

### Accessing secrets

Secrets can only be accessed programmatically through features in Cortex. Secrets are generally referenced by configuration of the relevant feature through a templated string that uses Mustache-like syntax to reference the secret by tag. For instance, a plugin proxy header can reference a secret similar to the following example:

```json
{
  "name": "Authorization",
  "value": "Bearer {{ secrets.my_secret }}"
}
```

## Managing secrets 

### Create a secret

Secrets can be created in the Cortex UI or via the Cortex API. Your user or API token must have the `Create secrets` permission.

{% tabs %}
{% tab title="Cortex UI" %}
For convenience, secrets can be optionally named in a human-friendly manner. For programmatic access, secrets must have a unique tag that contains only alphanumeric characters and dashes.

To create a secret:

1. Go to [**Settings > Secrets**](https://app.getcortexapp.com/admin/settings/secrets) then click **Add secret**.

   <figure><img src="https://826863033-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJW7pYRxS4dHS3Hv6wxve%2Fuploads%2Fgit-blob-c2d8cbb2fdf2a0e0f1e3bcbed18ae9b48a44bd25%2Fadd-secret.jpg?alt=media" alt=""><figcaption></figcaption></figure>
2. In the modal, configure your secret:
   * **Name**: Enter a user-friendly name.
   * **Identifier**: Enter a unique identifier for the secret, made of letters, digits, and underscores.
     * Note that tags cannot be edited after they are created.
   * **Secret value**: Enter your secret value.
     * This is usually the value of an API token or some other value from a third-party integration.
3. Click **Add secret**.
   {% endtab %}

{% tab title="API" %}
It is possible to create, read, update, and delete secrets via the Cortex API. See the [API documentation](https://app.gitbook.com/s/nPgS8L9MAPtoOtdWdeDp/readme/secrets) for more information.
{% endtab %}
{% endtabs %}

### Edit secrets in the Cortex UI

You must have the `Create secrets` permission to edit secrets.

To edit a secret:

1. Go to [**Settings > Secrets**](https://app.getcortexapp.com/admin/settings/secrets) then click the pencil icon next to the secret you want to edit.
2. In the modal, edit the secret name.
   * We recommend creating a user-friendly name for the secret.
3. Click **Save**.