Editor User Guide

Secrets

There are often items that need to be used in tasks that should not be written directly in the code for the extension, such as tokens, URLs, IDs, and other items. These items can be stored securely as secrets. Secrets can be added, removed and managed via the Secrets panel, which is in the settings menu in the Editor.

Editor Secrets Panel

When adding a secret in the Editor, you simply add a secret key and the actual secret value.

Accessing secrets in code

The secrets object can be accessed in your code by using the context object, as in the below example.

module.exports = function(context, callback) {
	console.log(context.secrets.mySecretIsSoSecret);
}

Note that secrets can only be read by the process running your extension’s code. This is what makes them secure. However, if your extension code responds with or outputs secrets, their integrity is lost. If your extension performs an action on some privileged resource using the secrets then anyone with your extension’s URL could potentially trigger those actions. In that case, it is a good idea to make sure that callers of your extension are authorized to be doing so prior to performing any further actions, especially involving secrets.