Secure Storage
Store API keys and tokens with enterprise-grade encryption
Server-Side Only
Secrets are never exposed to frontend code or users
Easy Access
Access secrets from Functions with simple configuration
Secret Fields & Rules
Each secret includes:Secret Name
A unique identifier for your secret
Created At
Timestamp when the secret was created
Secret Name Rules
Secret names must follow these requirements:- Maximum length: 64 characters
- Must start with a letter
- Can only contain letters, numbers, and underscores
Invalid names are rejected with inline validation messages. For example, names starting with numbers or containing special characters will not be accepted.
Secret Limits
In YouBase:Maximum Secrets
Up to 64 secrets per project
Limit Exceeded
An error prompt appears when the limit is reached
Secret Limit ReachedYou can store up to 64 secrets. Remove unused secrets to add new ones.
Managing Secrets
1
View Secrets
Navigate to the Secrets section in YouBase to see all stored secrets.
2
Copy Name
Hover over a secret to copy its name to the clipboard.
3
Edit Secret
Click edit to update a secret’s value. The current value is masked for security.
4
Delete Secret
Click delete and confirm to permanently remove a secret.
Using Secrets
Secrets are typically accessed from Functions.Server-Side Access
Secrets are only accessible from backend Functions
Never Exposed
Secrets are never sent to the browser or visible to users
Common Use Cases
Below are common scenarios where Secrets are required. Use these examples to understand when sensitive values should be stored securely instead of being placed in frontend code.1. Calling third-party APIs with API keys
1. Calling third-party APIs with API keys
ScenarioYour project needs to call an external service that requires an API key or token.Examples
- OpenAI / Anthropic / other AI APIs
- Payment providers (e.g. Stripe)
- Email or notification services
- Analytics or monitoring tools
- API keys must not be exposed in frontend code
- Secrets keep credentials hidden from users and browsers
- Keys can be safely accessed only by server-side logic
2. Using AI models securely
2. Using AI models securely
ScenarioYour app uses AI models that require private API credentials.Examples
- AI chatbots
- Content generation tools
- AI-powered data processing
- AI API keys should never be visible to users
- Secrets ensure requests are made securely from the server
- Prevents unauthorized usage or key leakage
3. Connecting to external services or integrations
3. Connecting to external services or integrations
ScenarioYour project integrates with external platforms that require authentication tokens.Examples
- CRM systems
- Webhooks or automation tools
- Internal services or partner APIs
- Tokens and credentials are sensitive
- Storing them as Secrets avoids accidental exposure
- Credentials can be rotated without changing frontend code
4. Storing environment-specific credentials
4. Storing environment-specific credentials
ScenarioYour project uses different credentials for preview and production environments.Examples
- Separate API keys for testing and live usage
- Different endpoints or service tokens per environment
- Keeps environment-specific values isolated
- Prevents test credentials from being used in production
- Makes it safer to iterate and debug
5. Keeping sensitive configuration out of the frontend
5. Keeping sensitive configuration out of the frontend
ScenarioYour project relies on values that should not be visible to end users.Examples
- Private tokens
- Service credentials
- Internal identifiers or keys
- Frontend code is always visible to users
- Secrets ensure sensitive values stay on the server
- Reduces security risks by design
When You Might Not Need Secrets
If your project:
- Does not call external services
- Does not require API keys or private tokens
- Runs entirely without server-side logic
Unlock Secrets
Secrets is available on Pro and Ultra plans. Securely store API keys and tokens for your integrations.View Plans & Pricing →