Manage secrets

Secrets centralize the credentials for your integrations so you can reference them in connection configurations and HTTP Request workflow steps.

You store each secret once and then reuse it across supported integrations.

Prerequisites

• You are logged in to ValidMind.
• You are assigned a role that can edit integrations settings, such as Customer Admin.¹
• You collected the scoped credentials required by the external platform, for example a Jira personal access token, an MLflow username and password, or AWS access keys.

¹ Manage permissions

Integration secrets

Integration secrets authenticate persistent connections to external platforms. You store each secret once and then reuse it across supported integrations by selecting it from a dropdown when configuring a connection.

Add integration secrets

1. In the left sidebar, click Settings.

2. Under Integrations, select Secrets, then open the Integration Secrets tab.

3. Click Add Secret.

4. Fill in the details:

   • secret name — Enter an easily identifiable label that indicates which system the secret belongs to.
   • description (optional) — Summarize when to use the secret or who owns it so other admins know whether it is safe to re-use.
   • secret value — Paste the credential exactly as issued by the external system. The value is encrypted and never displayed in plaintext again.
   • expiration date (optional) — Set a rotation reminder if the external system enforces key expiry.

5. Click Create Secret.

The secret can now be selected when configuring connections.²

² Configure connections

TipFor secrets with expiration dates

Recommended: Create a new secret and update integrations that should use it.

Or, to continue using the same secret, extend the expiration date.

View integration secret details

1. In the left sidebar, click Settings.

2. Under Integrations, select Secrets, then open the Integration Secrets tab.

3. Click the secret you want to view.

Edit integration secrets

1. In the left sidebar, click Settings.

2. Under Integrations, select Secrets, then open the Integration Secrets tab.

3. Click the secret you want to change.

4. In the modal that appears, click Edit Secret.

5. Make your changes. For example:

   • secret value — Paste a new value if the external platform issued a replacement token.
   • expiration date (optional) — Extend the expiry window if you want to keep the secret active for longer.

6. Click Update Secret to save your changes.

Revoke integration secrets

1. In the left sidebar, click Settings.

2. Under Integrations, select Secrets, then open the Integration Secrets tab.

3. Hover over the secret you want to change.

4. When appears, click on it and select Revoke.

5. On the confirmation dialogue that appears, select OK to confirm revocation.

Revocation immediately disables the secret so it can no longer be used, but does not remove it.

Delete integration secrets

WarningDeleting a secret is permanent.

Be sure to update any connections that depend on this secret before deleting it.

1. In the left sidebar, click Settings.

2. Under Integrations, select Secrets, then open the Integration Secrets tab.

3. Hover over the secret you want to remove.

4. When appears, click it, then select Delete.

5. In the confirmation dialog, select OK to confirm deletion.

Webhook secrets

Webhook secrets authenticate outgoing HTTP requests in workflows. Instead of hardcoding credentials directly into HTTP Request step header values, you store secrets once and reference them using {secret:name} syntax. HTTPS is enforced when secrets are used.

Add webhook secrets

1. In the left sidebar, click Settings.

2. Under Integrations, select Secrets, then open the Webhook Secrets tab.

3. Click Add Secret.

4. Fill in the details:

   • secret name — Enter an easily identifiable label. Use this name to reference the secret: {secret:secret_name}.
   • description (optional) — Summarize what the secret is used for.
   • secret value — Paste the credential. The value is encrypted at rest and never displayed in plaintext again.
   • expiration date (optional) — Set a rotation reminder if the credential expires.

5. Click Create Secret.

The secret can now be referenced in HTTP Request step headers using {secret:secret_name} syntax.

Usage example

In a workflow HTTP Request step, add a header:

• Header Name: Authorization
  
• Header Value: Bearer {{secret:jira_pat}}

At runtime, the workflow engine replaces {secret:jira_pat} with the stored value and sends the request over HTTPS.

View webhook secret details

1. In the left sidebar, click Settings.

2. Under Integrations, select Secrets, then open the Webhook Secrets tab.

3. Click the secret you want to view.

Edit webhook secrets

1. In the left sidebar, click Settings.

2. Under Integrations, select Secrets, then open the Webhook Secrets tab.

3. Click the secret you want to change.

4. Make your changes. For example:

   • secret value — Paste a new value if the credential was rotated.
   • expiration date (optional) — Extend the expiry window.

5. Click Update Secret to save your changes.

Revoke webhook secrets

1. In the left sidebar, click Settings.

2. Under Integrations, select Secrets, then open the Webhook Secrets tab.

3. Hover over the secret you want to revoke.

4. When appears, click on it and select Revoke.

5. On the confirmation dialogue that appears, select OK to confirm revocation.

Revocation immediately disables the secret. Any HTTP Request workflow steps referencing it will fail until you update them to use an active secret.

Delete webhook secrets

WarningDeleting a secret is permanent.

Be sure to update any HTTP Request workflow steps that depend on this secret before deleting it.

1. In the left sidebar, click Settings.

2. Under Integrations, select Secrets, then open the Webhook Secrets tab.

3. Hover over the secret you want to remove.

4. When appears, click it, then select Delete.

5. In the confirmation dialog, select OK to confirm deletion.