How to manage scenario secrets
Central storage for API keys, tokens, and passwords used by Send Request and custom actions in scenarios. Secrets are stored encrypted; scenarios keep only a reference to the record.
When you need this
- You want to save a Bearer/API key/OAuth secret once and reuse it across scenarios.
- You need to rotate a key without editing every Send Request node.
- You want to find inline tokens still stored in constants or node parameters.
What to know
- Scenario secrets — a dedicated tab under Settings (route
/settings-page/credentials, menu label Scenario secrets). - Availability — the feature is off by default. A root administrator enables it in Instance settings (platform feature toggles), then grants role permissions.
- Permissions: view (View in roles) and save (Save in roles) are separate under Settings → Roles → Scenario secrets.
- Not the same as channel tokens (Telegram/Viber), Mailgun keys, or AI provider keys — those live in other settings areas.
- Deletion: a record in use by a scenario (including inline references in URL/headers/body) cannot be deleted — remove references in nodes first.
Before you start
A root administrator enabled Scenario secrets for the instance. Your role can view or save scenario secrets. You are signed in to Settings ( /settings-page).
Step-by-step
1. Open the secrets tab
- In the main menu, open Menu → Settings (or go to
/settings-page). - In the sidebar, select Scenario secrets.
- If the tab is missing, check platform feature toggles (root) and role permissions.
2. Create a record
- Click Add secret.
- Fill in:
- Name — a clear label (e.g. “CRM production API”).
- Slug — unique Latin identifier (e.g.
crm-main); hard to change after use. - Type — Bearer, Basic, API key, OAuth2 client credentials, SMTP, Telegram bot, HMAC, etc.
- Allowed consumers — which actions may use the record (for Send Request, pick Send Request in the list).
- Enter secret fields (token, login/password, headers, etc.).
- Click Save. Secret fields clear after save — this is expected.
3. Edit metadata
- Click Edit on a row.
- Change name, description, or allowed consumers.
- The secret is not shown on edit. Use Rotate secret to change the secret value.
4. Rotate a secret
- Choose Rotate secret for the record.
- Enter the new value.
- Save. All scenarios referencing this record (inline or legacy) use the new secret without node changes.
5. View usage
- Open Usage (or usage details from the table).
- Review bot, section, node, and action.
- Before deleting, remove the secret reference from those places in Scenario Builder.
6. Legacy secret scan
- Click Scan legacy secrets.
- Review Constants, Send Request nodes, and Custom actions tabs.
- Samples are masked. Create new records and update references manually — there is no automatic migration.
- For custom actions, copy migration snippet hints (no decrypted values).
7. Delete a record
- Confirm Usage = 0.
- Click Delete and confirm.
- If still in use, the system blocks deletion — open Usage and remove references.