Manage secrets

Published

July 14, 2026

Secrets centralize the credentials for your integrations so you can reference them in connection configurations and HTTP Request workflow steps.

You store each secret once and then reuse it across supported integrations.

Prerequisites

Integration secrets

Integration secrets authenticate persistent connections to external platforms. You store each secret once and then reuse it across supported integrations by selecting it from a dropdown when configuring a connection.

  1. In the left sidebar, click Settings.

  2. Under Integrations, select Secrets, then click the Integration Secrets tab to view, add, edit, revoke, or delete integration secrets:

View integration secret details

Click the secret you want to view.

Add or edit integration secrets

  1. Click Add Secret.

  2. Fill in the details:

    • Secret Name — Enter an easily identifiable label that indicates which system the secret belongs to.
    • Description (optional) — Summarize when to use the secret or who owns it so other admins know whether it is safe to re-use.
    • Secret Value — Paste the credential exactly as issued by the external system. The value is encrypted and never displayed in plaintext again.
    • Expiration Date (optional) — Set a rotation reminder if the external system enforces key expiry.
  3. Click Create Secret.

The secret can now be selected when configuring connections.2

  1. Click the secret you want to modify.

  2. In the modal that appears, click Edit Secret.

  3. Make your changes. For example:

    • Secret Value — Paste a new value if the external platform issued a replacement token.
    • Expiration Date (optional) — Extend the expiry window if you want to keep the secret active for longer.
  4. Click Update Secret to save your changes.

Revoke or delete integration secrets

  1. Hover over the secret you want to revoke.

  2. When the menu appears, click on it and select Revoke.

  3. On the confirmation dialogue that appears, select OK to confirm revocation.

Revocation immediately disables the secret so it can no longer be used, but does not remove it.

ImportantDeleting a secret is permanent.

Be sure to update any connections that depend on this secret before deleting it.

  1. Hover over the secret you want to remove.

  2. When the menu appears, click it, then select Delete.

  3. In the confirmation dialog, select OK to confirm deletion.


(Recommended) Create a new secret and update integrations that should use it.

Or, to continue using the same secret, extend the expiration date.

Webhook secrets

Webhook secrets authenticate outgoing HTTP requests in workflows. Instead of hardcoding credentials directly into HTTP Request step header values, you store secrets once and reference them using {secret:name} syntax. HTTPS is enforced when secrets are used.

  1. In the left sidebar, click Settings.

  2. Under Integrations, select Secrets, then click the Webhook Secrets tab to view, add, edit, revoke, or delete webhook secrets:

View webhook secret details

Click the secret you want to view.

Add or edit webhook secrets

  1. Click Add Secret.

  2. Fill in the details:

    • Secret Name — Enter an easily identifiable label. Use this name to reference the secret: {secret:secret_name}.
    • Description (optional) — Summarize what the secret is used for.
    • Secret Value — Paste the credential. The value is encrypted at rest and never displayed in plaintext again.
    • Expiration Date (optional) — Set a rotation reminder if the credential expires.
  3. Click Create Secret.

The secret can now be referenced in HTTP Request step headers using {secret:secret_name} syntax.


In a workflow HTTP Request step, add a header:

  • Header Name: Authorization
  • Header Value: Bearer {{secret:jira_pat}}

At runtime, the workflow engine replaces {secret:jira_pat} with the stored value and sends the request over HTTPS.

  1. Click the secret you want to modify.

  2. Make your changes. For example:

    • Secret Value — Paste a new value if the credential was rotated.
    • Expiration Date (optional) — Extend the expiry window.
  3. Click Update Secret to save your changes.

Revoke or delete webhook secrets

  1. Hover over the secret you want to revoke.

  2. When the menu appears, click on it and select Revoke.

  3. On the confirmation dialogue that appears, select OK to confirm revocation.

Revocation immediately disables the secret. Any HTTP Request workflow steps referencing it will fail until you update them to use an active secret.

ImportantDeleting a secret is permanent.

Be sure to update any HTTP Request workflow steps that depend on this secret before deleting it.

  1. Hover over the secret you want to remove.

  2. When the menu appears, click it, then select Delete.

  3. In the confirmation dialog, select OK to confirm deletion.