Secrets
Secrets are passwords, API keys, and other sensitive data your agents need to do their work. They're stored encrypted and never visible in plain text — not even to us.
What Are Secrets?
Instead of typing your API key into every conversation, you store it once as a secret and your agents can use it automatically. Secrets are like a locked safe that only your agents have the key to.
Common secrets you might add:
- GITHUB_TOKEN — For connecting to GitHub
- BRAVE_API_KEY — For web search capabilities
- DISCORD_BOT_TOKEN — For the Discord integration
- DATABASE_URL — For database access
- AGENTMAIL_API_KEY — For email capabilities
Required Secrets
There is one secret every account needs:
- ANTHROPIC_API_KEY — Your Anthropic API key. This is what powers your agents' AI capabilities. You can get one at console.anthropic.com.
This key is added when you create your first agent. You can also add other provider keys (Google, OpenAI) if your agents need them.
How to Add a Secret
- Go to Secrets in the sidebar
- Click "Add Row"
- Enter a name for your secret (e.g., GITHUB_TOKEN). Names are automatically converted to uppercase.
- Enter the value (e.g., your actual API key or password)
- Add more rows if you need to save multiple secrets at once
- Click "Save All"
How Your Agents Use Secrets
Secrets are automatically available to your agents as environment variables. This means your agents and their tools can read them without any extra setup.
For example, if you add a secret named GITHUB_TOKEN, the GitHub integration will automatically pick it up. You can also mention secrets in your TOOLS.md template so your agent knows what's available:
# Available APIs
Brave Search: stored in environment as BRAVE_API_KEY
GitHub: stored in environment as GITHUB_TOKEN
AgentMail: stored in environment as AGENTMAIL_API_KEY
Security
Your secrets are protected with AES-256-GCM encryption. Here's what that means in practice:
- Values are never visible — After you save a secret, the value is shown as dots in the dashboard. You cannot view it again.
- Encrypted at rest — Your secret is encrypted before it's stored. Even our infrastructure administrators only see scrambled text.
- Only YOUR agents can access YOUR secrets — Each user's secrets are completely isolated. No other user's agents can access your data.
- Decrypted only at runtime — The actual value is only unscrambled inside your agent's container when it needs it.
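Once a secret is decrypted inside the agent's container it is an ordinary environment variable, so a tool that reads it should fail when a required name is absent and keep the value out of anything it logs. The sketch below is an added example, not the platform's own code; `load_secrets`, `make_redactor` and the sample values are hypothetical.

```python
import os
import re


class MissingSecretError(RuntimeError):
    """Raised with secret names only, never values."""


def load_secrets(required, optional=(), env=None):
    """Read secrets from environment variables; fail closed if a required one is absent."""
    env = os.environ if env is None else env
    found, missing = {}, []
    for name in list(required) + list(optional):
        key = name.strip().upper()  # the page says names are stored in uppercase
        value = (env.get(key) or "").strip()
        if value:
            found[key] = value
        elif name in required:
            missing.append(key)
    if missing:
        raise MissingSecretError("missing required secrets: " + ", ".join(sorted(missing)))
    return found


def make_redactor(secrets):
    """Return a function that masks every loaded secret value in a string."""
    by_value = {value: name for name, value in secrets.items()}
    if not by_value:
        return lambda text: text
    # Longest value first, single pass, so overlapping values are masked whole.
    pattern = re.compile("|".join(re.escape(v) for v in sorted(by_value, key=len, reverse=True)))
    return lambda text: pattern.sub(lambda m: f"[{by_value[m.group(0)]} redacted]", text)


if __name__ == "__main__":
    # Constructed sample environment; real values come from the Secrets page.
    sample_env = {"GITHUB_TOKEN": "constructed-github-value", "BRAVE_API_KEY": "constructed-brave-value"}
    secrets = load_secrets(["github_token"], optional=["BRAVE_API_KEY", "DATABASE_URL"], env=sample_env)
    redact = make_redactor(secrets)
    print(sorted(secrets))
    print(redact("401 from api.github.com using constructed-github-value"))
```

Pass tool output and exception text through the redactor before it reaches a log or the agent's conversation.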
Managing Your Secrets
- View your secrets — The Secrets page shows a list of all your secret names. Values are always masked (shown as dots) with an "encrypted" badge.
- Update a secret — Save a new secret with the same name. It will overwrite the previous value.
- Delete a secret — Click the trash icon next to any secret. A confirmation dialog will appear before it's removed.
Changes to secrets take effect automatically — you don't need to restart your agents.