
Secrets

Encrypted key-value storage for API keys and credentials.


Secrets are encrypted key-value pairs that store API keys, tokens, and credentials. When the AI builds a service that needs an API key, it creates a secret placeholder. The user fills in the actual value before the service can run.

How Secrets Work

1. The AI names the secret in a session message (e.g., STRIPE_API_KEY)
2. OpenCode automatically creates a placeholder secret entry
3. The service deploys but stays stopped — waiting for secrets
4. The user fills in the secret value in the workspace
5. The service auto-redeploys with the secret injected as an environment variable
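
On the service side, step 5 means the secret arrives as an environment variable. The following is an added example, not OpenCode's own code: a startup check that fails closed when a required secret is unset or blank and keeps values out of logs. It assumes an unfilled placeholder appears as an unset or empty variable; WEBHOOK_SECRET, load_secrets and redact are hypothetical names.

```python
import os

class MissingSecrets(RuntimeError):
    """Raised when required secrets are absent; the message carries names only."""

def load_secrets(required, env=None):
    """Return {name: value} for every required secret, or fail closed."""
    env = os.environ if env is None else env
    values, missing = {}, []
    for name in required:
        value = env.get(name, "")
        # Assumption: an unfilled placeholder shows up as unset or blank.
        if value.strip():
            values[name] = value
        else:
            missing.append(name)
    if missing:
        # Report names only; a value must never reach logs or tracebacks.
        raise MissingSecrets("unfilled secrets: " + ", ".join(sorted(missing)))
    return values

def redact(text, secrets):
    """Mask secret values in text before it is logged."""
    # Longest values first, so a value containing another is masked whole.
    for name, value in sorted(secrets.items(), key=lambda kv: -len(kv[1])):
        text = text.replace(value, f"<{name}:redacted>")
    return text

if __name__ == "__main__":
    # Constructed sample environment; the value is made up for this example.
    sample_env = {"STRIPE_API_KEY": "constructed-value-123", "WEBHOOK_SECRET": ""}
    try:
        load_secrets(["STRIPE_API_KEY", "WEBHOOK_SECRET"], sample_env)
    except MissingSecrets as exc:
        print(f"refusing to start: {exc}")
    secrets = load_secrets(["STRIPE_API_KEY"], sample_env)
    print(redact("request sent with key constructed-value-123", secrets))
```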

Key Rules

  • The AI never asks the user for secret values — it creates placeholders
  • The AI never creates secrets directly — OpenCode handles that
  • Secrets are scoped to a workspace
  • When a secret is updated, all services using it are redeployed
  • Secrets are encrypted at rest and in transit
