Skip to content

Manage secrets

A secret is a stored credential — an API key, an OAuth connection, a database login, or a client-credentials pair — owned by a feature. Workflows, connections, and MCP servers use secrets to reach external systems. The defining rule: a secret’s sensitive values are never displayed anywhere in the product — not to you, not to other members, and not to the agent.

There is no “Add secret” form anywhere in Ronja. Like most resources, secrets are created only in conversation:

  1. Open an exploration and tell Ronja what you want to connect — “connect our Postgres” or “I have an API key for our billing tool”.
  2. Fill in the secure credentials card Ronja posts in the chat. Sensitive fields show a 🔒 sensitive badge and a password-style input; values Ronja pre-filled from the conversation carry a “filled by agent — verify” badge (sensitive values are never pre-filled).
  3. Click Save Credentials. The card confirms “Credentials saved securely” and Ronja carries on.

For OAuth services the card shows Sign in with {Provider} instead — you approve access in a popup, and no credential passes through the chat at all.

Each feature lists its secrets in the feature hub, and every secret has a detail page showing: a type chip (API Key, OAuth, Client Credentials, Public Endpoint, or database), Personal or Shared, Live or Archived, and a Configuration card with Type, Dialect (if set), Credentials (“Stored” / “Not set”), Allowed URLs — the only hosts the secret may be used against — and Agent-visible fields, the only fields the agent may reference by name.

What you will never find is a value. Saved fields render only as “● ● ● ● saved” length indicators; only non-sensitive fields such as host, port, and username appear in plain text.

  1. Ask Ronja in chat to update the secret. The credentials card re-renders with saved indicators on stored fields.
  2. Type new values only into the fields you want to change — “Leave a field blank to keep its existing value.”
  3. Click Save Credentials.

When an OAuth secret’s authorization expires, the chat card shows “{Service} authorization expired” — click Re-authorize with {Provider} to run the consent popup again.

A secret has no scope of its own — it inherits the scope of the feature that owns it. In a private feature it is Personal; in a workspace- or organization-scoped feature it is Shared. To share a secret, you promote its feature as a bundle — see Share and promote.

Archive (on the detail page) hides the secret from the agent: Ronja no longer finds or uses it in new work. Reverse it any time with Unarchive.