> ## Documentation Index
> Fetch the complete documentation index at: https://docs.voiceflow.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Secrets

> Securely store sensitive information.

<img src="https://mintcdn.com/voiceflow-009a8802/eGkyyTKz_LvX1Any/images/steps/Secrets.png?fit=max&auto=format&n=eGkyyTKz_LvX1Any&q=85&s=5f7b05cef9efc6d3353f069fce26822e" alt="Cover Placeholder" width="1920" height="1080" data-path="images/steps/Secrets.png" />

Secrets let you securely store sensitive information like API keys, database credentials, and encryption keys. Unlike variables, secret values are encrypted and hidden from view, keeping your credentials safe while still allowing your agent to use them.

## Creating secrets

You can create and manage secrets in **Settings** → **Secrets**. Click **New Secret** in the top right to create one.

When creating a secret, you'll provide a name, value, and visibility setting:

* **Masked** secrets are hidden by default but can be temporarily revealed by clicking on them.
* **Restricted** secrets cannot be revealed after creation. Use this for highly sensitive credentials.

You can also create secrets inline while building. Type `{` in any input field, switch to the **Secrets** tab in the dropdown, then click **Create Secret** at the bottom.

## Using secrets

Secrets work like variables but are accessed from a separate tab. In any input field within a [tool](/documentation/build/tools/api-tool), type `{` to open the dropdown, then switch to the **Secrets** tab and select the secret you need.

<Frame>
  <img src="https://mintcdn.com/voiceflow-009a8802/79mkdV9i3Y_vTBHy/images/Screenshot2026-02-17at4.49.22PM.png?fit=max&auto=format&n=79mkdV9i3Y_vTBHy&q=85&s=0c881195fc88bfbb25d4648e0da85304" alt="Screenshot2026 02 17at4 49 22PM" width="1490" height="982" data-path="images/Screenshot2026-02-17at4.49.22PM.png" />
</Frame>

## Managing secrets

To edit or delete a secret, click the three dots menu next to it. For masked secrets, you can also copy the value to your clipboard. Restricted secrets cannot be copied or revealed.

## Overriding secrets per environment

By default, every [environment](/documentation/deploy/environments) in your project uses the same secret values. You can override specific secret values on a per-environment basis, which is useful when you want, for example, a test API key on a non-production environment and a production API key on `Main`.

To configure overrides, open **Settings** → **Environments**, open the `...` menu next to the environment you want to configure, and select **Override live secrets** or **Override draft secrets**. Enter the environment-specific values and save. Secrets without an override fall back to their default value.

<Frame>
  <img src="https://mintcdn.com/voiceflow-009a8802/m2AwTYepiz1ibdK4/images/Secrets---override.png?fit=max&auto=format&n=m2AwTYepiz1ibdK4&q=85&s=4f9da09db0e1da6884fee6dd17822fc3" alt="Secrets Override" width="3012" height="934" data-path="images/Secrets---override.png" />
</Frame>

Restricted secrets can be overridden but their override values cannot be revealed after saving, in line with how restricted secrets behave at the project level.

<Note>
  Secret values are not copied when you clone an environment. After cloning, reapply any environment-specific overrides in the new environment.
</Note>

## Duplicating and exporting projects

When you duplicate or export a project, only secret names are included. Secret values are never copied for security reasons. After importing a duplicated project, you'll need to re-enter the secret values in **Settings** → **Secrets**.

## Security

Secrets are encrypted using AES-256 GCM, which provides both confidentiality and integrity protection through a Message Authentication Code (MAC). Encryption keys are securely managed and secrets are stored and transmitted according to industry best practices.