Platform Secrets

Many abilities and integrations require authentication credentials to access external services such as Google Calendar, Notion, Slack, or custom APIs. The platform provides a secure secret management system that stores and handles these credentials safely, preventing exposure in logs or client-side code.

Understanding Secret Types

To discover which types of credentials and authentication methods are supported by the platform:

GET /api/v1/platform/secret/list

http

Each secret type in the response describes a specific authentication method:

  • id: Unique identifier for the secret type
  • name: Human-readable name of the credential type
  • description: Explanation of what service or purpose this secret type serves
  • type: The authentication mechanism (API key, OAuth token, etc.)

Secret Types and Use Cases

Different secret types correspond to different authentication mechanisms:

  • API Keys: Simple authentication tokens for services that use key-based auth
  • OAuth Tokens: Authorization credentials obtained through OAuth flows
  • Service Credentials: Specialized authentication for enterprise services
  • Custom Secrets: User-defined credential types for proprietary integrations
{
  "id": "google-oauth",
  "name": "Google OAuth",
  "description": "OAuth credentials for Google services",
  "type": "oauth2"
}

javascript

Working with Secrets

The secret list endpoint helps you understand which credential types are available when configuring abilities or integrations. When setting up an ability that requires authentication:

  1. Check the ability's documentation to determine which secret type is required
  2. Verify that the necessary secret type is supported by checking this list
  3. Create a secret of the appropriate type through the platform's secret management endpoints
  4. Reference the secret by ID when configuring the ability

Security Best Practices

Secrets are stored securely and encrypted at rest. The platform ensures that:

  • Secret values are never exposed in API responses
  • Secrets are only accessible to authorized resources within your account
  • Secret access is logged for audit purposes
  • Secrets can be rotated without changing ability configurations

Important: This endpoint only lists the types of secrets that are supported by the platform. It does not return actual secret values or the secrets you have created in your account. To manage your actual secrets, use the dedicated secret management endpoints.

Security Warning: Never commit secrets to source control, expose them in client-side code, or share them through insecure channels. Always use the platform's secret management system to handle credentials securely.

Go to cbk.ai