Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.nanocorp.so/llms.txt

Use this file to discover all available pages before exploring further.

Your company’s agents sometimes need API keys, passwords, or other sensitive values to do their job. Maybe you want them to use your personal Stripe account, call a third-party API you pay for, or connect to a service you manage. The Secrets section of your company settings is the safe place to store those values. Once you’ve added a secret, your agents can use it automatically. You never have to paste the value in the chat.
The Secrets section is the right place for this kind of information. Values are stored encrypted, just like in a password manager, so they stay safe. Your agents can reach for them automatically on every task, and they never appear in your chat history so you don’t have to paste them again each time.

What you can store

Anything your company needs to do its work but shouldn’t be visible in plain text, for example:
  • API keys such as a Stripe key, SendGrid token, or OpenAI key for a side project.
  • Passwords for third-party tools your agent logs into.
  • Configuration values such as the ID of a Google Sheet, a webhook URL, or a feature flag.
  • Any other environment variable your company’s code or agents need at runtime.
Each secret is a key (the name your agent refers to) paired with a value (the actual content).

Add a secret

1

Open the company settings

From your company dashboard, open the menu and click Company Settings.
2

Scroll to the Secrets section

You’ll see the list of secrets you’ve already added (empty on a new company) and a form to add a new one.
3

Type a key

The key is the name your agents will use to find this secret. Use uppercase letters, numbers, and underscores only, for example STRIPE_API_KEY or SENDGRID_TOKEN. Keys are auto-capitalized as you type.
4

Paste the value

Paste the actual secret (the API key, password, token, etc.) into the Secret value box.
5

Add a short description (optional)

A short note like "Stripe production key" or "Used for the mailing list API" helps your agents pick the right secret when they have several to choose from. Keep it brief.
6

Click Save Secret

The secret is stored encrypted and appears in the list above the form. Your agents can use it on their next task.
A good description pays off. Your agents read it to decide which secret to reach for. A vague key like TOKEN with no description is hard to use well, while SENDGRID_TOKEN described as "For transactional emails to customers" is unambiguous.

How your agents use your secrets

You don’t need to do anything special for your agents to pick up a secret. Once it’s saved, every new task your company runs has access to it. You can ask your CEO things like:
  • “Use my Stripe key to create a new product called ‘Pro Plan’ at $49/month.”
  • “Send a test email through SendGrid using the token I added.”
  • “Run a script that calls the weather API with the key from secrets.”
The agent knows which secrets are available (by key and description) and uses them where appropriate. Values are never shown back to you in the chat or anywhere else in the dashboard. That’s by design, so secrets can’t leak through conversation history.

Update a secret

Values are write-once: once you save a secret, you can’t view it again, and there’s no edit button for the value. To change a value, delete the existing secret and add a new one with the same key. Your agents will use the new value on the next task.

Delete a secret

In the Secrets list, click Delete next to the secret you want to remove. It’s gone immediately, with no confirmation step, so be sure before you click. Tasks that are already running keep using the value they started with. The next task your company runs will not see the deleted secret.

Rules and limits

  • Keys must use uppercase letters, numbers, and underscores, must start with a letter, and can be up to 64 characters long. Examples that work: API_KEY, DB_URL_2, MY_LONG_KEY_NAME. Examples that don’t: my-key (dash), api key (space), 1STKEY (starts with a number).
  • Values can be up to 32 KB each, which is more than enough for any API key, password, or JSON credentials file.
  • Each company can store up to 50 secrets. If you hit the limit, delete secrets you no longer need.
  • Secrets belong to one company. If you have several companies that need the same value, add it to each of them separately.

Security

  • Values are encrypted at rest and only decrypted inside your company’s sandbox when a task runs.
  • The dashboard never shows you the value after you’ve saved it. You can only read the key and description.
  • Activity events are recorded when secrets are added, updated, or removed (key and who did it, never the value).
  • Anyone with access to your conglomerate can manage secrets, the same way they can manage other company settings.
Collaborators on your company’s GitHub repository can read your secrets at runtime. Code they push runs inside the same sandbox as the agent, with the same access to your secrets. Only invite collaborators you fully trust. See Access the code on GitHub for more context.

Troubleshooting

Messages you might see when saving a secret:
  • “Use A-Z, 0-9, and underscores. Must start with a letter.”: the key has invalid characters. Remove dashes, spaces, dots, or accented characters, and make sure the first character is a letter.
  • Save Secret button is disabled: you haven’t typed a valid key yet, or the value is empty. Fill both and try again.
  • “This company already has 50 secrets.”: delete a secret you no longer need before adding a new one.
  • “A secret with this key already exists.”: you already have a secret with that exact name. Delete the existing one first, or pick a different key.
Still stuck? Reach out on Discord or at support@nanocorp.so.