Secrets

Secrets are a special type of context values, with one key distinction: while regular context values are generated on the frontend, secrets are stored securely on the backend and never appear on the frontend.

Secrets are securely stored using AES-256 encryption (see: Advanced Encryption Standard), and their values are only revealed at the moment of use. Once a secret is created, its value cannot be viewed or modified. If you are unsure of the current value or need to update it, we recommend deleting the existing secret and creating a new one.

You can use secrets similarly to standard context values, but only in specific contexts. For example, inserting a secret into a redirect URL is not allowed, but using it in HTTP request headers is supported.

You can track the last time a secret was accessed using the Last used field in the Secrets list.

WARNING

We take all necessary actions to securely store your secrets. However, you may still transmit their values—for example, as part of an HTTP request. When working with secrets, always exercise heightened caution. We cannot protect your secrets if you accidentally send them to an unintended destination.

Quotas

Secrets are scoped to a widget, meaning each widget can access only its own secrets. However, the quota for secrets is allocated at the organization level. This means that if your plan includes 5 secrets, you are free to distribute them as you see fit. For example, if you have 2 widgets, you could assign 2 secrets to one and 3 to the other, or all 5 to a single widget.