How the vault works
The vault (Secrets in the sidebar) holds your organization's reusable secrets: API keys, tokens, and env vars your agents need. Saved secrets become selectable whenever you deploy or configure an agent.
- Values are encrypted at rest and are write-only in listings: the list shows names and descriptions, never values.
- Revealing a stored value is an explicit action, and every reveal is audited.
- Updating a secret re-injects the new value into the agents that use it.
- Deleting a secret removes it from the vault; agents keep the value already written to their .env until reconfigured.