Secrets

API calls make heavy use of authorization mechanisms, such as passwords or tokens.

You don't want to share these with anyone. For example, hardcoding them as headers inside a sequence endpoint would be a terrible thing in a published sequence.

You don't want them accidentally to become visible to people outside your circle of trust. For example, stored to our database or logs and visible to our engineers.

SequenceAPI provides a secrets mechanism to resolve this:

Values in sequence JSON that start with $ are treated as references to secrets defined within your account. We use the $ symbol because we think of them as akin to environment variables.

Here is an example that fails because we have not set up the secret.

Use the dropdown menu to go to the secrets page.

Here you can view existing secrets and set up new ones. In this case we are adding a secret called my_int with the value 4 (if we want to passthe output goal in this sequence).

Now when we run the sequence it completes successfully:

Handling secrets

Secrets are persisted inside AWS Secrets Manager, with heavily locked down access controls.

1. We do not write the value of a secret to our database.
2. We do not write the value of a secret to our logs.
3. We do not pass the value of a secret across the network to you when sequences are run.

The difference is apparent when you run the sequence as the value of the secrets are not exposed.