How can we help?

Search

Secrets Vault

Uri Nativ
Uri Nativ
  • Updated
Torii SMP
Torii Identity

Overview

Secrets are encrypted variables you can create and use securely in workflows as personalization tokens.
Once a secret is created and stored in Torii, its value will never be visible again.
A common use case is for storing an API Key of a 3rd party service and using it as a personalization token when using a Custom Workflow Action

Torii encrypts and stores the secrets securely. 
Secrets are only decrypted right before being used during workflow execution

Secrets can be created in two ways:

  • Global secrets, created from the Settings page and available to all workflows

  • Workflow-specific secrets, created directly from a workflow and available only within that workflow

Secret Types

Global Secrets

Global secrets are created from the Settings page and can be used across all workflows in your environment.

Use global secrets when the same sensitive value (for example, a shared API key) needs to be reused in multiple workflows.

Workflow-Specific Secrets

Workflow-specific secrets are created directly from the Workflow Editor and are automatically linked to the workflow in which they were created.

  • They are only visible and usable in that specific workflow

  • They cannot be selected or referenced by other workflows

Create a global secret 

  1. Go to Settings >> Secret Vault 
    On the SECRETS VAULT page, you will find all existing secrets and will be able to create new ones by clicking on “Add secret to vault.

  2. Add the Secret Name and Value and click on Create.
    Secret names can only contain the following characters: a-z, A-Z, 0-9, hyphen -, and underscore _.

    secrets settings adding.png
  1. The secret will be added to the list.
    Once added, the secret can be deleted or edited.
    • Note that only the secret value can be edited and not its name. Changing a name will affect workflows referring to this secret; therefore, we don’t allow changing them.
    • If you delete a secret being used in a workflow, on the next workflow run, it will show as UNKNOWN

Create a Workflow-Specific secret 

  1. Go to workflows page and click on any workflow
  2. Click on the more actions button and then choose "Manage secrets" 
  3. Click on Add secret and Add the Secret Name and Value and click on Add secret.
    Secret names can only contain the following characters: a-z, A-Z, 0-9, hyphen -, and underscore _.
Workflow manage secrets1.png
Workflow secrets adding.png

Managing Secrets

From Settings → Secret Vault, you can manage all secrets, including:

  • Global secrets

  • Workflow-specific secrets

For each secret, you can:

  • Edit the secret value (the name cannot be changed)

  • Delete the secret

Important Notes

  • Only the secret value can be edited. Secret names cannot be changed, as renaming would break references in workflows.

  • If a secret that is used in a workflow is deleted, the next workflow run will show the secret as UNKNOWN.

 

Use a secret on a workflow custom action

  • When creating a workflow with a custom action, for example, a user requests access to the App catalog, and you want a ticket to be opened for a certain product.
  • When adding a custom action, just use the @ sign and look for the secret you created for this action as a Placeholder instead of entering a full sensitive plain text.
  • When the workflow is activated, the placeholder will retrieve the sensitive information without exposing it externally.


 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request