keys & secrets

Keep your keys and secrets safe.

Store API keys and secrets once. Each app, deploy, and agent only ever sees the ones it needs.

$ app keys create --name deploy-bot
What you get

Secrets, scoped

Bring your own keys
Per-app env vars
Per-deploy secrets
Rotation audit

Scoped access

Limit each secret to a project, environment, app, deploy, or agent task.

Full audit trail

See who changed what, when a secret was used, and when it was last rotated.

Encrypted, always

Values are encrypted at rest, and ready to move to your own vault whenever you want.