# Secrets

Secrets allow you to securely store sensitive configuration data like API keys and database credentials in your deployed MindedJS agents.

## Overview

Secrets are configured through the platform dashboard and automatically injected into `process.env` when your agent is deployed. They are only available in deployed agents, not during local development.

**Key Features:**

* Secure storage on the platform backend
* Automatic injection into `process.env` for deployed agents
* Environment-specific configuration (dev/staging/production)
* Deploy-time access only

## Usage

### Basic Access

```typescript
// Access secrets via process.env in deployed agents
const apiKey = process.env.OPENAI_API_KEY;
const databaseUrl = process.env.DATABASE_URL;

// Always validate required secrets
if (!apiKey) {
  throw new Error('OPENAI_API_KEY secret not configured');
}
```

### In Tools

```typescript
import { Tool } from 'mindedjs';

const weatherTool: Tool<{ city: string }, any> = {
  name: 'getWeather',
  description: 'Get weather information for a city',
  parameters: {
    type: 'object',
    properties: {
      city: { type: 'string', description: 'The city to get weather for' }
    },
    required: ['city']
  },
  handler: async ({ city }) => {
    const apiKey = process.env.WEATHER_API_KEY;
    
    if (!apiKey) {
      throw new Error('WEATHER_API_KEY secret not configured');
    }
    
    const response = await fetch(`https://api.weather.com/v1/current?key=${apiKey}&q=${city}`);
    return await response.json();
  }
};
```

## Configuration

### Platform Management

Configure secrets in the MindedJS platform dashboard:

* Navigate to your agent's settings
* Use the secrets management interface to add/edit secrets
* Configure different values per environment
* Changes require redeployment to take effect

### Naming Conventions

Use `UPPER_SNAKE_CASE` with descriptive names:

* `OPENAI_API_KEY`
* `DATABASE_URL`
* `WEBHOOK_SECRET`
* `JWT_SIGNING_KEY`

## Local Development

When developing locally, you can use the `.env` file (in the root of your project) to set the secrets or environment variables.

```bash
# .env file
MINDED_CONNECTION_TOKEN=abc
API_KEY=xyz
```

## Best Practices

* **Always validate** that required secrets exist before use
* **Never log** secret values in console output or logs
* **Use descriptive names** for clarity
* **Separate environments** with different secret values
* **Never commit** `.env` files or hardcode secrets
* **Regular rotation** of secrets through the platform

## Troubleshooting

* **Secret not available**: Verify it's configured in platform dashboard with exact name (case-sensitive) and agent is deployed
* **Local development**: Remember secrets only work in deployed agents - use `.env` files or fallbacks locally
* **Changes not applied**: Secret changes require redeployment to take effect