Documentation

Secrets Management

Store API keys and environment variables securely. Secrets are encrypted at rest and synced automatically to your IDE workspaces.

Adding a Secret

Navigate to Dashboard → Secrets

Click Add Secret

Enter the key name (e.g., OPENAI_API_KEY)

Paste the secret value

Optionally add a description

Click Save Secret

Key Naming Convention

Secret keys are automatically formatted to uppercase with underscores for consistency:

Input

openai-api-key

Output

OPENAI_API_KEY

Input

My Secret

Output

MY_SECRET

Security Features

Feature	Description
Encryption	AES-256 encryption at rest
Masking	Values shown as `sk-••••••••pt3k`
Reveal	Click eye icon to temporarily show value
Copy	One-click copy to clipboard
Audit Log	All access is logged Enterprise

Using Secrets in IDE

Secrets sync automatically to your GRID IDE. Access them via the built-in environment or through the Secrets panel.

// Secrets are available as environment variables
const apiKey = process.env.OPENAI_API_KEY;
const dbUrl = process.env.DATABASE_URL;

// Use in your code
const response = await fetch('https://api.openai.com/v1/...', {
  headers: {
    'Authorization': `Bearer ${apiKey}`
  }
});

• Secrets are automatically injected into your workspace environment

• Available in all terminal sessions and processes

• Never exposed in logs or error messages

BYOK (Bring Your Own Key)

If no organization-level key is configured, GRID falls back to prompting users for their own API keys. This enables a "freemium" model where users can start without team secrets.

• Personal keys are stored locally and never synced

• Organization keys take precedence when available

• Seamless fallback ensures uninterrupted workflow