> ## Documentation Index
> Fetch the complete documentation index at: https://docs.youware.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Secrets

> Learn how to securely store and manage sensitive values like API keys and tokens in YouBase.

<CardGroup cols={3}>
  <Card title="Secure Storage" icon="shield-halved">
    Store API keys and tokens with enterprise-grade encryption
  </Card>

  <Card title="Server-Side Only" icon="server">
    Secrets are never exposed to frontend code or users
  </Card>

  <Card title="Easy Access" icon="key">
    Access secrets from Functions with simple configuration
  </Card>
</CardGroup>

***

## Secret Fields & Rules

Each secret includes:

<CardGroup cols={2}>
  <Card title="Secret Name" icon="tag">
    A unique identifier for your secret
  </Card>

  <Card title="Created At" icon="calendar">
    Timestamp when the secret was created
  </Card>
</CardGroup>

<Warning>
  Secret values are **never displayed** after creation.
</Warning>

### Secret Name Rules

Secret names must follow these requirements:

* Maximum length: **64 characters**
* Must start with a letter
* Can only contain letters, numbers, and underscores

<Info>
  Invalid names are rejected with inline validation messages. For example, names starting with numbers or containing special characters will not be accepted.
</Info>

***

## Secret Limits

In YouBase:

<CardGroup cols={2}>
  <Card title="Maximum Secrets" icon="hashtag">
    Up to **64 secrets** per project
  </Card>

  <Card title="Limit Exceeded" icon="triangle-exclamation">
    An error prompt appears when the limit is reached
  </Card>
</CardGroup>

<Note>
  **Secret Limit Reached**

  You can store up to 64 secrets. Remove unused secrets to add new ones.
</Note>

***

## Managing Secrets

<Steps>
  <Step title="View Secrets">
    Navigate to the Secrets section in YouBase to see all stored secrets.
  </Step>

  <Step title="Copy Name">
    Hover over a secret to copy its name to the clipboard.
  </Step>

  <Step title="Edit Secret">
    Click edit to update a secret's value. The current value is masked for security.
  </Step>

  <Step title="Delete Secret">
    Click delete and confirm to permanently remove a secret.
  </Step>
</Steps>

<Warning>
  **Deleting a secret requires confirmation.**

  Are you sure you want to delete this secret?

  This action cannot be undone, and anything in your project that relies on this secret may stop working. Once deleted, a secret cannot be recovered.
</Warning>

***

## Using Secrets

Secrets are typically accessed from **Functions**.

<CardGroup cols={2}>
  <Card title="Server-Side Access" icon="shield-halved">
    Secrets are only accessible from backend Functions
  </Card>

  <Card title="Never Exposed" icon="eye-slash">
    Secrets are never sent to the browser or visible to users
  </Card>
</CardGroup>

<Tip>
  This design follows standard security practices for protecting sensitive credentials. Always use Secrets for API keys, tokens, and other sensitive values instead of hardcoding them in frontend code.
</Tip>

***

# Common Use Cases

Below are common scenarios where **Secrets** are required.

Use these examples to understand when sensitive values should be stored securely instead of being placed in frontend code.

<AccordionGroup>
  <Accordion title="1. Calling third-party APIs with API keys" icon="plug">
    **Scenario**

    Your project needs to call an external service that requires an API key or token.

    **Examples**

    * OpenAI / Anthropic / other AI APIs
    * Payment providers (e.g. Stripe)
    * Email or notification services
    * Analytics or monitoring tools

    **Why Secrets are needed**

    * API keys must not be exposed in frontend code
    * Secrets keep credentials hidden from users and browsers
    * Keys can be safely accessed only by server-side logic

    *(Typically used together with Functions)*
  </Accordion>

  <Accordion title="2. Using AI models securely" icon="brain">
    **Scenario**

    Your app uses AI models that require private API credentials.

    **Examples**

    * AI chatbots
    * Content generation tools
    * AI-powered data processing

    **Why Secrets are needed**

    * AI API keys should never be visible to users
    * Secrets ensure requests are made securely from the server
    * Prevents unauthorized usage or key leakage
  </Accordion>

  <Accordion title="3. Connecting to external services or integrations" icon="link">
    **Scenario**

    Your project integrates with external platforms that require authentication tokens.

    **Examples**

    * CRM systems
    * Webhooks or automation tools
    * Internal services or partner APIs

    **Why Secrets are needed**

    * Tokens and credentials are sensitive
    * Storing them as Secrets avoids accidental exposure
    * Credentials can be rotated without changing frontend code
  </Accordion>

  <Accordion title="4. Storing environment-specific credentials" icon="code-branch">
    **Scenario**

    Your project uses different credentials for preview and production environments.

    **Examples**

    * Separate API keys for testing and live usage
    * Different endpoints or service tokens per environment

    **Why Secrets are needed**

    * Keeps environment-specific values isolated
    * Prevents test credentials from being used in production
    * Makes it safer to iterate and debug
  </Accordion>

  <Accordion title="5. Keeping sensitive configuration out of the frontend" icon="user-shield">
    **Scenario**

    Your project relies on values that should not be visible to end users.

    **Examples**

    * Private tokens
    * Service credentials
    * Internal identifiers or keys

    **Why Secrets are needed**

    * Frontend code is always visible to users
    * Secrets ensure sensitive values stay on the server
    * Reduces security risks by design
  </Accordion>
</AccordionGroup>

***

## When You Might Not Need Secrets

<Note>
  If your project:

  * Does not call external services
  * Does not require API keys or private tokens
  * Runs entirely without server-side logic

  You can skip **Secrets** for now and add them later as your project grows or integrates with more services.
</Note>

***

<Card title="Unlock Secrets" icon="rocket" color="#10B981" href="https://www.youware.com/subscription?location=docs">
  **Secrets is available on Pro and Ultra plans.** Securely store API keys and tokens for your integrations.

  [View Plans & Pricing →](https://www.youware.com/subscription?location=docs)
</Card>