Secrets
Secrets in Codegen allow you to securely store and manage sensitive information like API keys, tokens, and other credentials that your AI agent needs to access during task execution. These secrets are encrypted and made available to the agent’s sandbox environment without exposing them in your codebase.
How Secrets Work
When you configure secrets for your organization, they become available as environment variables within the agent’s sandbox environment. This allows the agent to:
- Access external APIs and services
- Authenticate with third-party tools
- Use credentials without hardcoding them in your repository
- Maintain security best practices by keeping sensitive data separate from code
Accessing and Configuring Secrets
You can manage your organization’s secrets through the Codegen web interface:
- Navigate to codegen.com/settings/secrets
- Add new secrets by providing a name and value
- Configure which repositories or environments can access specific secrets
- Save your changes to make them available to the agent
Secrets are encrypted at rest and in transit. Only the AI agent’s sandbox environment can access the decrypted values during task execution.
Common Use Cases
Secrets are commonly used for:
- API Keys: Store keys for external services like OpenAI, GitHub, or cloud providers
- Database Credentials: Securely connect to databases without exposing connection strings
- Authentication Tokens: Access private repositories or services that require authentication
- Configuration Values: Store environment-specific settings that shouldn’t be in code
- Third-party Integrations: Credentials for services like Slack, Linear, or other tools
Best Practices
When working with secrets in Codegen:
- Use Descriptive Names: Choose clear, descriptive names for your secrets (e.g., OPENAI_API_KEY, DATABASE_URL)
- Rotate Regularly: Update secrets periodically to maintain security
- Principle of Least Privilege: Only grant access to secrets that are actually needed
- Avoid Duplication: Don’t store the same secret multiple times with different names
- Document Usage: Keep track of which secrets are used by which repositories or workflows
The agent will automatically have access to configured secrets as environment variables. You can reference them in your code using standard environment variable syntax (e.g., process.env.API_KEY in Node.js or os.getenv('API_KEY') in Python).
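An added example, not Codegen's own code: reading secrets from environment variables in Python, failing fast with names only when one is missing, and masking secret values in your own code's log output. OPENAI_API_KEY and DATABASE_URL are the example names used above; load_secrets, MissingSecretError and RedactSecrets are hypothetical helpers, and the values in the demo are constructed.

```python
import logging
import os


class MissingSecretError(RuntimeError):
    """Raised when a required secret is absent from the environment."""


def load_secrets(names, environ=None):
    """Return {name: value} for every required name, or raise listing the missing ones."""
    environ = os.environ if environ is None else environ
    # Treat empty or whitespace-only values as missing: a blank variable is a misconfiguration.
    found = {n: environ.get(n, "").strip() for n in names}
    missing = sorted(n for n, v in found.items() if not v)
    if missing:
        # Report names only, never values.
        raise MissingSecretError("missing secrets: " + ", ".join(missing))
    return found


class RedactSecrets(logging.Filter):
    """Logging filter that replaces known secret values with a name placeholder."""

    def __init__(self, secrets):
        super().__init__()
        # Longest first so a secret that contains another secret is masked whole.
        self._pairs = sorted(secrets.items(), key=lambda kv: len(kv[1]), reverse=True)

    def redact(self, text):
        for name, value in self._pairs:
            text = text.replace(value, f"[{name} redacted]")
        return text

    def filter(self, record):
        # Render the message with its args first, then mask the result.
        record.msg = self.redact(record.getMessage())
        record.args = None
        return True


if __name__ == "__main__":
    # Constructed sample values; in the sandbox these come from configured secrets.
    env = {"OPENAI_API_KEY": "sk-constructed-123", "DATABASE_URL": "postgres://u:pw@db/app"}
    secrets = load_secrets(["OPENAI_API_KEY", "DATABASE_URL"], env)
    handler = logging.StreamHandler()
    handler.addFilter(RedactSecrets(secrets))
    log = logging.getLogger("demo")
    log.addHandler(handler)
    log.warning("connecting with %s", secrets["DATABASE_URL"])
```

The filter rewrites the formatted message only; exception tracebacks attached to a record are not masked.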
Security Considerations
- Secrets are never logged or displayed in plain text in the Codegen interface
- Access to secrets is controlled at the organization level
- Secrets are only available within the secure sandbox environment
- All secret operations are audited for security compliance
Never commit secrets directly to your repository. Always use the Codegen secrets management system to handle sensitive information securely.