Secrets#

Overview#

A secret in Roboto provides secure storage for sensitive information like API keys, passwords, and other credentials. They can be used by actions during execution without exposing the actual values through Roboto’s APIs.

Each secret is scoped to an organization and has a unique name within that organization. Secret values are never transmitted through Roboto’s APIs, providing an additional layer of security.

Creating Secrets#

You can create secrets through the web UI, CLI, or SDK:

CLI:

roboto secrets write my-api-key

SDK:

from roboto import Secret

# Create a new secret
secret = Secret.create(
    name="my-api-key",
    initial_value="sk-1234567890abcdef"
)

Using Secrets in Actions#

Actions can access secret values in two ways:

  1. Parameter References (Recommended)

    Reference secrets in action parameters using the roboto-secret:// URI format:

    # When invoking an action
action.invoke(
    input_data=[file_name],
    parameter_values={
        "api_key": "roboto-secret://my-api-key"
    }
)

    Or if you are using the web UI, you can reference the secret in the parameters section of the action invocation:

    Secret Parameter Reference

    In your action code, access the resolved value:

    from roboto import InvocationContext

context = InvocationContext.from_env()
api_key = context.get_parameter("api_key")  # Automatically resolved

  2. Direct Access

    Load secrets directly in action code:

    from roboto import Secret

secret = Secret.from_name("my-api-key")
api_key = secret.read_value().get_secret_value()

Secret URIs#

Secrets can be referenced using URIs in the format:

  • roboto-secret://secret-name (uses caller’s organization)

  • roboto-secret://secret-name@org_id (specific organization)

These URIs can be used anywhere a secret reference is needed, such as action parameters.

Managing Secrets#

List secrets:

roboto secrets list

Read a secret:

roboto secrets read my-api-key

Delete a secret:

roboto secrets delete my-api-key

Security#

  • Secret values are stored in a secure secret store, not in Roboto’s databases

  • Values are never transmitted through Roboto’s APIs

  • Actions access secrets using temporary, scoped credentials

  • Secret access is logged for audit purposes

See the roboto secrets CLI for additional CLI information.

On this page