The Secrets page lets you store sensitive values — such as API keys, passwords, or tokens — that your automations need to function. Values are stored securely and never exposed in plain text in forms or case templates. Access it from Settings → Secrets.
How secrets work
Each secret has a key and a value. Once saved, the value is hidden but can be updated at any time. You reference a secret anywhere in Penbox that supports Penscript using:
For example, if you stored an API key under the key my_api_key, you can use { $secrets.my_api_key } in an API call step or automation without exposing the raw value.
Keys can only contain letters (uppercase or lowercase), numbers, hyphens (-), and underscores (_). No spaces or special characters.
Managing secrets
Only Administrators can create, update, or delete secrets. The list shows the key, when it was last changed, and who created it.
To update a secret’s value, click the edit icon — the key cannot be changed, only the value. To remove a secret, use the delete icon and confirm.
Deleting a secret is immediate and permanent. Any automation or Penscript expression referencing it will stop working.
