API Keys & Tokens

How to keep your secrets safe

When composing SEL, you'll often need to use a key, token, or secret as part of a web request or similar operation. To do so without storing your secrets "in the clear" (as plaintext in your SEL), you should use your account Vault.

Your vault is a list of Names and Values (sometimes called "environment variables") that are encrypted before being stored. That means the value does not appear in your code and it also does not appear in the database. Instead, the value is decrypted only as-needed (to run your logic).

To use a vault value in your code, you simply refer to the name of the value in liquid syntax like so:

=Request("get", "https://api.myvendor.com/?api_key={{ ACME_KEY }}")

This will insert the value when the model runs, but otherwise all anyone can see is {{ ACME_KEY }}.

When using the vault, it is generally recommended to use MY_APIKEY (all caps) notation. This makes it easy to spot these values inside your SEL and find them later.