Wized Docs

Appearance

Secrets

Introduction

“Secrets” in Wized allow you to securely store sensitive information such as API keys, access tokens, and other data that you don’t want to expose directly in your application code.

Why use Secrets?

  • Security: By storing your API keys and other sensitive data in Secrets, you prevent them from being visible in your application's source code, reducing the risk of leaks and unauthorized access.
  • Requests via Wized Server: When you use a Secret in an API request, the request is executed through our servers instead of directly from the user's browser. This adds an extra layer of security, especially for APIs that only accept requests from servers.
  • Encryption: Secrets are stored encrypted in our database, ensuring that only you, as the project owner, can access their true value.

What kind of information should I store in Secrets?

  • API Keys: API keys are unique credentials that allow you to access external services, such as databases, third-party APIs, or payment platforms. Storing them in Secrets is essential to protect them from potential leaks.
  • Other Authentication Secrets: If your app uses other types of authentication credentials to access external services, such as access tokens or app passwords, you can also store those in Secrets.

Important! Secrets are designed exclusively for storing API keys and other sensitive data related to authentication for external services. Please do not store your users' personal information here, such as names, emails, or account passwords, or authentication tokens generated upon login.

Authentication tokens are temporary credentials that allow users to access protected areas of your application after logging in. These tokens are typically stored in cookies.

Creating a Secret

  1. Access the Data Store Panel: Click on the "Data Store" tab in the left navigation bar of the Configurator.
  2. Go to the "Secrets" section: You will find a list of the secrets you have previously created.
  3. Click the "+" button: A form will open to create a new secret.
  4. Fill in the fields:
    • Name: Choose a descriptive name for your secret (for example, "api_key_stripe").
    • Value: Enter the value of your API key or other sensitive data.
  5. Save the secret: Click the "Save" button to encrypt and store the secret securely.

Using a Secret

To use a secret in an API request, simply access its value in the Function Editor using the s prefix followed by the secret name. For example:

JavaScript
// In the "Headers" configuration of an API request:

return {

return `Bearer ${s.my_secret_token}`

};