# Secret Store The Secret Store provides workspace-wide encrypted storage for API keys, tokens, and other sensitive values. Secrets can be referenced in steps — for example, in [Custom HTTP Request](https://docs.relay.app/built-in-actions/custom-http-requests) steps — without exposing the actual values. ### Managing secrets To manage secrets, navigate to [Settings → Workspace → Secrets](https://run.relay.app/settings/workspace/secrets). {% hint style="info" %} Only workspace admins can create, update, or delete secrets. {% endhint %} #### Creating a secret 1. Click **Add Secret** 2. Enter a name and value 3. Click **Save** Secret names are automatically normalized to `UPPER_SNAKE_CASE`. For example, entering `my api key` will be stored as `MY_API_KEY`. {% hint style="warning" %} Secret values are encrypted and **cannot be viewed again** after saving. Make sure to store the original value somewhere safe if you need it later. {% endhint %} #### Updating a secret To update a secret's value, click on the secret and enter the new value. The previous value will be permanently replaced. #### Deleting a secret To delete a secret, click the delete button next to it. Any steps referencing the deleted secret will fail at execution time. ### Using secrets in steps Secrets are available in steps that support them, such as [Custom HTTP Requests](https://docs.relay.app/built-in-actions/custom-http-requests). When editing a supported step: 1. Open the variable explorer sidebar 2. Look for the **Secrets** section 3. Click a secret to insert it into the URL, headers, or body fields Secrets work like any other variable — you can insert them wherever dynamic values are accepted. ### Security * Secret values are **encrypted at rest** and never sent to the browser after creation * Secrets are **resolved server-side** at execution time — the actual value is only used when the step runs * Only workspace admins can manage secrets; all workspace members can reference them in automations For more on workspace roles and permissions, see [Workspace Administration](https://docs.relay.app/workspace-and-account/workspace-administration).