Secrets
Secrets in Wized allow you to securely store API keys
needed for requests. These secrets are encrypted and stored on our servers, ensuring that only the project owner can access them. When a request using a secret is executed, it is processed through our servers, where the actual API key is retrieved and applied securely. This prevents exposure of sensitive credentials on the client side.
Why use secrets?
- Security: By storing your API keys in secrets, you prevent them from being visible in your webapp source code, reducing the risk of leaks and unauthorized access.
- Requests via Wized server: When you use a Secret in a request, the request is executed through our servers instead of directly from the user's browser. This adds an extra layer of security, especially for APIs that only accept requests from servers.
- Encryption: Secrets are stored encrypted, ensuring that only you, as the project owner, can access their value.
What kind of information should I store in secrets?
- API keys: API keys are unique credentials that allow you to access external services, such as databases, third-party APIs, or payment platforms. Storing them in secrets is essential to protect them from potential leaks.
Note
Auth tokens are temporary credentials that allow users to access protected areas of your application after logging in. These tokens are typically stored in cookies.
Creating a secret
- Access the data store panel: Click on the
Data Store
tab in the leftside bar. - Secrets section: You will find a list of the secrets you have previously created.
- Click the
+
: Right panel will open, there you will be able to set the values of this secret. - Fill in the fields:
- Name: Choose a descriptive name for your secret (for example,
api_key_stripe
). - Value: Enter the value of your API key.
- Name: Choose a descriptive name for your secret (for example,
- Save the secret: Click the "Save" button to encrypt and store the secret securely.
Using a secret
To use a secret in a request, simply access its value in the Function Editor using the s.
parameter followed by the secret name. For example:
JavaScript
// In the "Headers" configuration of a request:
return s.my_secret_token