> ## Documentation Index
> Fetch the complete documentation index at: https://docs.royaltyport.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Secrets

> Manage encrypted credentials for authenticating your automation steps

## What are Secrets?

Secrets are encrypted credentials stored securely within the Automations environment. They provide authentication for steps that connect to external services — like API keys for HTTP requests, SFTP credentials for file transfers, or OAuth tokens for protected APIs.

## Creating a Secret

<Steps>
  <Step title="Navigate to Secrets">
    Click **Secrets** in the automations sidebar.
  </Step>

  <Step title="Click Create">
    Click the create button to open the new secret form.
  </Step>

  <Step title="Enter a Name">
    Give the secret a descriptive name (e.g. `stripe-api-key`, `sftp-production`).
  </Step>

  <Step title="Select the Type">
    Choose the credential type from the dropdown.
  </Step>

  <Step title="Enter Credentials">
    Fill in the required credential fields for the selected type.
  </Step>

  <Step title="Save">
    Click **Save** to encrypt and store the secret.
  </Step>
</Steps>

## Secret Types

| Type                          | Fields                              | Use Case                              |
| ----------------------------- | ----------------------------------- | ------------------------------------- |
| **Basic Auth**                | Username, Password                  | HTTP basic authentication             |
| **Bearer Token**              | Token                               | Bearer token authentication           |
| **API Key**                   | Key name, Key value                 | API key header authentication         |
| **SFTP Password**             | Username, Password                  | SFTP password-based login             |
| **SFTP Private Key**          | Username, Private key               | SFTP key-based login                  |
| **OAuth2 Client Credentials** | Client ID, Client secret, Token URL | OAuth2 client credentials flow        |
| **JSON Credentials**          | JSON content                        | Service account or custom credentials |

## Using Secrets in Steps

When configuring a step that supports authentication (HTTP Request, SFTP, Code), select a secret from the auth dropdown in the step configuration panel. The secret's credentials are injected at runtime.

## Mode Scoping

Secrets are scoped per mode:

* **Test secrets** are used during test executions
* **Live secrets** are used during production executions
* During [deployment](/automations/test-and-deploy), you choose which test secrets to copy to the live environment

## Deleting Secrets

Secrets can only be deleted in test mode. Click the delete button on a secret row, then confirm the deletion.

<Warning>
  Deleting a secret is permanent. Any steps referencing the deleted secret will fail at runtime.
</Warning>

## Related Documentation

<CardGroup cols={2}>
  <Card title="Steps" icon="puzzle" href="/automations/steps/overview">
    Configure authentication on HTTP Request, SFTP, and Code steps.
  </Card>

  <Card title="Test & Deploy" icon="rocket" href="/automations/test-and-deploy">
    Secrets are copied from test to live during deployment.
  </Card>
</CardGroup>