Skip to main content
If you want your site to do something special (send emails through a specific service, call an external API, work with a payment system), you’ll need API keys. Don’t write them directly in site code, that’s insecure. Use secrets.

How it works

1

Open Secrets section

In the builder: Features → Secrets.
2

Add a key-value pair

For example, OPENAI_KEY = sk-...
3

Ask AI to use the secret

“Use the OPENAI_KEY secret for the ChatGPT helper on the site.”
4

Done

The key stays in protected storage. Nobody except our backend sees it.

If you need to rotate a key

You can update the value anytime. No site rebuild needed, the key picks up instantly.
Never put API keys directly in text for the AI or in project rules. Use secrets. They’re protected even from you: nobody accidentally sees them while viewing code or history.

Why this matters

External APIs

OpenAI, Anthropic, any service with an API key.

Email providers

SendGrid, Mailgun, Brevo for email sending.

Payment gateways

Additional payment systems beyond built-in.

Webhook endpoints

Secure URLs for data exchange with external services.

What’s next

Files and DB

User data and content storage.

Email and SMTP

Most common use case for secrets.