Documentation is being updated. Some sections may not reflect the latest features.
Looking for step-by-step guides? Explore Tutorials →

Vault

Store and manage secrets securely within your workspace.

Overview

The Vault is a dedicated space in your workspace settings for storing sensitive values like API tokens, database credentials, and environment variables. Secrets are encrypted at rest using AES-256 and can be referenced in any workflow node using template variables. Secret values are never returned by the API — only key names and hints are visible.

How It Works

Secrets are encrypted key-value pairs. Reference them in your workflows using the {{secrets.YOUR_KEY}} syntax. Values are never exposed in logs or outputs.

Adding a Secret

  1. Navigate to Settings → Vault in your workspace
  2. Click + Add Secret
  3. Enter a key name (e.g., my_jwt_secret)
  4. Enter the secret value
  5. Save

The secret is now available across all workflows in your workspace.

Using Secrets in Workflows

Reference any stored secret in a node field using the template variable syntax:

{{secrets.my_jwt_secret}}
{{secrets.stripe_api_key}}
{{secrets.db_password}}

This works in any node field that supports variables — HTTP Request headers, Model prompts, and more.

Inside Code Execution Nodes

In Code Execution nodes, secrets are available on the variables object. Use variables.secrets.YOUR_KEY to access the value:

// Access a vault secret inside a Code node
const jwtSecret = variables.secrets.my_jwt_secret;
const apiKey = variables.secrets.stripe_api_key;

Template syntax {{secrets.KEY}} is for node fields. Code syntax variables.secrets.KEY is for Code Execution nodes.

Managing Secrets

Each secret in the Vault has three actions:

Action Description
Copy Variable Copies the {{secrets.KEY}} reference to your clipboard for quick use in nodes
Edit Update the secret's value. The key name remains the same.
Delete Permanently remove the secret from the workspace

Security

  • All values are encrypted using AES-256 at rest
  • Secret values are never returned by the API — only key names and hints are visible
  • Values are never exposed in logs or outputs
  • Secrets are scoped to the workspace and available to all workspace members

Best Practices

  • Use descriptive key names like stripe_api_key or db_connection_string
  • Rotate secrets regularly and update them via the Edit action
  • Avoid hardcoding sensitive values in Code Execution or HTTP Request nodes — use Vault references instead
  • Use the Copy Variable button to avoid typos when referencing secrets
AI AssistantPowered by Ubex
Beta
Ask me anything about Ubex workflows, nodes, or the API.