# Secret Store The Secret Store provides workspace-wide encrypted storage for API keys, tokens, and other sensitive values. Secrets can be referenced in steps — for example, in [Custom HTTP Request](/built-in-actions/custom-http-requests.md) steps — without exposing the actual values. ### Managing secrets To manage secrets, navigate to [Settings → Workspace → Secrets](https://run.relay.app/settings/workspace/secrets). {% hint style="info" %} Only workspace admins can create, update, or delete secrets. {% endhint %} #### Creating a secret 1. Click **Add Secret** 2. Enter a name and value 3. Click **Save** Secret names are automatically normalized to `UPPER_SNAKE_CASE`. For example, entering `my api key` will be stored as `MY_API_KEY`. {% hint style="warning" %} Secret values are encrypted and **cannot be viewed again** after saving. Make sure to store the original value somewhere safe if you need it later. {% endhint %} #### Updating a secret To update a secret's value, click on the secret and enter the new value. The previous value will be permanently replaced. #### Deleting a secret To delete a secret, click the delete button next to it. Any steps referencing the deleted secret will fail at execution time. ### Using secrets in steps Secrets are available in steps that support them, such as [Custom HTTP Requests](/built-in-actions/custom-http-requests.md). When editing a supported step: 1. Open the variable explorer sidebar 2. Look for the **Secrets** section 3. Click a secret to insert it into the URL, headers, or body fields Secrets work like any other variable — you can insert them wherever dynamic values are accepted. ### Security * Secret values are **encrypted at rest** and never sent to the browser after creation * Secrets are **resolved server-side** at execution time — the actual value is only used when the step runs * Only workspace admins can manage secrets; all workspace members can reference them in automations For more on workspace roles and permissions, see [Workspace Administration](/workspace-and-account/workspace-administration.md). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.relay.app/workspace-and-account/secret-store.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.