Secrets
Secrets are encrypted credentials (API keys, tokens, and passwords) that you can inject into sandboxes as environment variables without exposing them in API responses.
What secrets are
- Private to you: secrets are owned by your user and never shared by default.
- Encrypted at rest: plaintext values are never returned by any API.
- Injected at runtime: secrets are decrypted only when a sandbox is provisioned.
Scoping and selection
Secrets are user-owned. You maintain a personal library of secrets and choose which of your secrets to inject when provisioning a sandbox for a project.
When you create or update a project sandbox, you pass the list of secret IDs to inject (selected_secret_ids). That selection is stored on the project and used for subsequent sandbox provisioning.
Injection into sandboxes
Secrets are injected as environment variables at sandbox creation time. If you change the selected secrets for a project, the platform restarts the sandbox so the new values are applied.
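An added example, not part of the Dreadnode documentation or SDK: one way code running inside a sandbox could consume injected secrets, failing closed when one is missing, keeping values out of logs, and withholding them from subprocesses. The variable names `EXAMPLE_API_TOKEN` and `EXAMPLE_DB_PASSWORD`, their values, and all helper functions are constructed for illustration.

```python
import os
from typing import Iterable, Mapping, Optional


class MissingSecretError(RuntimeError):
    """Raised when an expected secret was not injected into the environment."""


def load_injected_secrets(required: Iterable[str],
                          env: Optional[Mapping[str, str]] = None) -> dict:
    """Read required secrets from the environment; fail closed if any is absent or empty."""
    env = os.environ if env is None else env
    names = list(required)
    missing = sorted(n for n in names if not env.get(n))
    if missing:
        # Report variable names only; never echo values.
        raise MissingSecretError("secrets not injected: " + ", ".join(missing))
    return {n: env[n] for n in names}


def redact(text: str, secrets: Mapping[str, str]) -> str:
    """Replace any secret value found in text with a placeholder naming its variable."""
    # Longest values first, so a secret that contains another is fully replaced.
    for name, value in sorted(secrets.items(), key=lambda kv: -len(kv[1])):
        text = text.replace(value, f"<{name} redacted>")
    return text


def child_env(secret_names: Iterable[str],
              env: Optional[Mapping[str, str]] = None) -> dict:
    """Environment for subprocesses that do not need the secrets (env vars are inherited)."""
    env = os.environ if env is None else env
    drop = set(secret_names)
    return {k: v for k, v in env.items() if k not in drop}


# Constructed sample environment standing in for a provisioned sandbox.
SAMPLE_ENV = {
    "PATH": "/usr/bin",
    "EXAMPLE_API_TOKEN": "tok-constructed-1234",
    "EXAMPLE_DB_PASSWORD": "pw-constructed-5678",
}

if __name__ == "__main__":
    names = ["EXAMPLE_API_TOKEN", "EXAMPLE_DB_PASSWORD"]
    secrets = load_injected_secrets(names, SAMPLE_ENV)
    print(redact("auth failed for tok-constructed-1234", secrets))
    print(sorted(child_env(names, SAMPLE_ENV)))
```

Because values are set at sandbox creation, a running process keeps the values it started with until the sandbox is restarted.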
Lifecycle and management
Common actions
- Create and update secrets from the UI or CLI (dreadnode secrets set).
- List available secrets and presets (dreadnode secrets list).
- Delete secrets you no longer use (dreadnode secrets delete).
Lifecycle expectations
| Step | What happens |
|---|---|
| Create | Secret is stored encrypted and shown with a masked preview |
| Select | You choose which secrets to inject for a project |
| Provision | Secrets are decrypted and injected into the sandbox |
| Rotate | Update the value and restart the sandbox to apply |