Skip to main content


Overview: about secrets

Secrets are encrypted variables you can store in Cortex for your workspace environment. Secrets can be accessed for use in other Cortex features, such as plugin proxies, to allow secure authenticated access to various third-party APIs. Secrets are securely encrypted and stored in Cortex’s database, and the secret values are not accessible via public or private APIs once saved.

Accessing secrets

Secrets can only be accessed programmatically through other features on Cortex. Secrets are generally referenced by configuration of the relevant feature through a templated string that uses Mustache-like syntax to reference the secret by tag. For instance, a plugin proxy header can reference a secret similar to the following example:

"name": "Authorization",
"value": "Bearer {{ secrets.my_secret }}"

Creating secrets

Secrets can only be created by admins. To create a secret, head to Settings -> Secrets and click the "Add secret" button. In the modal, choose a tag and input your secret value. We also recommend creating a user-friendly name for the secret, but sometimes it’s not necessary and you can always edit the name later (unlike the tag). Finish creating the secret by submitting the form with the "Create secret" button.

Editing secrets

Secrets can only be edited by admins. To edit a secret, head to Settings -> Secrets and click the pencil icon next to the secret you’d like to edit. In the modal, edit the secret name or input a replacement secret value. Note that once created, you cannot edit the unique secret tag.

Naming secrets

For convenience, secrets can be optionally named in a human-friendly manner. For programmatic access, secrets must have a unique tag that contains only alphanumeric characters and dashes.