Manage secrets
A secret is a stored credential — an API key, an OAuth connection, a database login, or a client-credentials pair — owned by a feature. Workflows, connections, and MCP servers use secrets to reach external systems. The defining rule: a secret’s sensitive values are never displayed anywhere in the product — not to you, not to other members, and not to the agent.
Create a secret
Section titled “Create a secret”There is no “Add secret” form anywhere in Ronja. Like most resources, secrets are created only in conversation:
- Open an exploration and tell Ronja what you want to connect — “connect our Postgres” or “I have an API key for our billing tool”.
- Fill in the secure credentials card Ronja posts in the chat. Sensitive fields show a 🔒 sensitive badge and a password-style input; values Ronja pre-filled from the conversation carry a “filled by agent — verify” badge (sensitive values are never pre-filled).
- Click Save Credentials. The card confirms “Credentials saved securely” and Ronja carries on.
For OAuth services the card shows Sign in with {Provider} instead — you approve access in a popup, and no credential passes through the chat at all.
Find a secret
Section titled “Find a secret”Each feature lists its secrets in the feature hub, and every secret has a detail page showing: a type chip (API Key, OAuth, Client Credentials, Public Endpoint, or database), Personal or Shared, Live or Archived, and a Configuration card with Type, Dialect (if set), Credentials (“Stored” / “Not set”), Allowed URLs — the only hosts the secret may be used against — and Agent-visible fields, the only fields the agent may reference by name.
What you will never find is a value. Saved fields render only as “● ● ● ● saved” length indicators; only non-sensitive fields such as host, port, and username appear in plain text.
Update or rotate credentials
Section titled “Update or rotate credentials”- Ask Ronja in chat to update the secret. The credentials card re-renders with saved indicators on stored fields.
- Type new values only into the fields you want to change — “Leave a field blank to keep its existing value.”
- Click Save Credentials.
When an OAuth secret’s authorization expires, the chat card shows “{Service} authorization expired” — click Re-authorize with {Provider} to run the consent popup again.
Scope: Personal vs Shared
Section titled “Scope: Personal vs Shared”A secret has no scope of its own — it inherits the scope of the feature that owns it. In a private feature it is Personal; in a workspace- or organization-scoped feature it is Shared. To share a secret, you promote its feature as a bundle — see Share and promote.
Archive or delete
Section titled “Archive or delete”Archive (on the detail page) hides the secret from the agent: Ronja no longer finds or uses it in new work. Reverse it any time with Unarchive.