Secrets
The Secrets page (App Settings → Secrets in the App Panel) lets you store sensitive credentials and configuration values — API keys, tokens, passwords, third-party service credentials — encrypted at rest within your Zango app.
Overview
The Secrets dashboard shows:
| Metric | Description |
|---|---|
| Total Secrets | All secrets defined in the application |
| Active Secrets | Currently enabled secrets that are accessible from code |
| Inactive Secrets | Disabled secrets stored but not usable |
Creating a Secret
Click + Add Secret to open the creation form. Provide:
- Name — the key used to reference this secret in code (e.g.,
SENDGRID_API_KEY,STRIPE_SECRET) - Value — the secret value, encrypted before storage
Secret values are encrypted using the FIELD_ENCRYPTION_KEY set in your environment:
- Docker Compose — set in
deploy/.env - Python venv — set in your project's
.envorsettings.py
This key must never be rotated after the environment is created — doing so makes all existing secrets unreadable.
Accessing Secrets in Code
from zelthy.core.utils import get_secret
api_key = get_secret('SENDGRID_API_KEY')
This decrypts and returns the named secret for the current workspace.
Managing Secrets
| Action | Description |
|---|---|
| Search | Filter secrets by name |
| Activate / Deactivate | Toggle a secret's status without deleting it |
| Delete | Permanently remove a secret (cannot be undone) |
Security Notes
- Values are field-level encrypted using a Fernet key
- Generate a key at bootstrap time:
python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
- Never commit
deploy/.envto version control - Each workspace has its own isolated secret namespace
Related Docs
- Secrets (Core Platform) — Using secrets in code