Webtask

Documentation

Managing Secrets in the Webtask Editor

Adding and accessing secrets

For customized documentation and ready to run samples, please log in.

Secrets

There are often items that need to be used in tasks that should not be written directly in the code for the task, such as tokens, URLs, IDs, and other items. These items can be stored securely as secrets. Secrets can be added, removed and managed via the Secrets panel, which is in the settings menu in the Editor.

Editor Secrets Panel

When adding a secret in the Editor, you must simply add a secret key, by which you will access the secret in code, and the actual secret value.

Accessing secrets in code

The secrets object can be accessed in your Webtask code by using the context object, as in the below example.

module.exports = function(context, callback) {
	console.log(context.secrets.mySecret);
} 

Note that secrets can only be read by the process running your task's code. This is what makes them secure. However, if your task code responds with or outputs secrets, their integrity is lost. If your task performs an action on some privileged resource using the secrets then anyone with your task's URL could potentially trigger those actions. In that case, it is a good idea to make sure that callers of your task are authorized to be doing so prior to performing any further actions, especially involving secrets.