Skip to main content
Krosyn is launching soon. Join the waitlist for early access.Join waitlist
Krosyn

Documentation

Learn how to use Krosyn to connect your applications.

Secrets Vault

Securely store API keys, tokens, and other sensitive credentials that your connectors need at runtime.

Overview

The Secrets Vault provides a secure way to store credentials that your connectors reference in expressions. Instead of hardcoding API keys in your connector configuration, store them as secrets and reference them using $secret.SECRET_NAME.

Creating Secrets

Navigate to Settings > Secrets to manage your organization's secrets. Each secret has:

  • Name (required): A unique identifier using uppercase letters, numbers, and underscores (e.g. CRM_API_KEY, SLACK_WEBHOOK_TOKEN)
  • Value (required): The secret value (e.g. the actual API key or token)
  • Description (optional): A note about what this secret is for

The secret value is encrypted immediately upon saving and cannot be viewed again. If you lose the value, you will need to create a new secret or update the existing one with the correct value.

Using Secrets in Expressions

Reference secrets in any expression field using the $secret prefix.

In a Process lookup header

Key: Authorization
Value: Bearer $secret.CRM_API_KEY

In a Perform URL

https://hooks.slack.com/services/$secret.SLACK_WEBHOOK_PATH

In a Perform header

Key: X-API-Key
Value: $secret.TARGET_API_KEY

Encryption

All secret values are encrypted at rest using AES-256-CBC. Values are only decrypted at runtime when a connector executes and needs the secret value.

  • Secrets are never stored in plain text in the database
  • The API never returns secret values in responses
  • The UI only shows the secret name and description, never the value

Automatic Redaction

When a connector executes, any secret values that appear in the request URL, headers, or body are automatically replaced with [REDACTED] before being stored in the event log. This means:

  • Event logs never contain actual secret values
  • You can safely share event logs for debugging without exposing credentials
  • Even database backups do not contain plain-text secrets in event records

Organization Scope

Secrets are scoped to your organization. All connectors within the same organization share access to the same set of secrets. Members of other organizations cannot see or use your secrets.