The /get-secret command enables you to securely retrieve and manage secrets from your vault. Perfect for:

  • Accessing API credentials
  • Retrieving database passwords
  • Managing authentication tokens
  • Storing sensitive configuration
  • Secure credential management

Basic Usage

Use the command to work with secrets:

/get-secret retrieve API credentials from vault collection "prod-secrets"
/get-secret list all secrets in collection "dev-config"
/get-secret create new secret "database-password" in collection "secure-vault"

Key Features

Secure Storage

  • Encrypted secret storage
  • Vault collection organization
  • Access control
  • Audit logging
  • Secure transmission

Management Operations

  • List secrets
  • Retrieve by key or ID
  • Create new secrets
  • Update existing secrets
  • Delete secrets

Flexible Access

  • Collection-based organization
  • Key-based retrieval
  • ID-based access
  • Filtered searches
  • Metadata support

Example Commands

List Secrets

/get-secret list all secrets in collection "api-keys"

Get Specific Secret

/get-secret retrieve "salesforce-login" from collection "crm-secrets"

Create Secret

/get-secret create "stripe-api-key" with API credentials in collection "payment-secrets"

Update Secret

/get-secret update secret ID "abc123" with new credentials

Delete Secret

/get-secret delete "old-api-key" from collection "deprecated-secrets"

Collection Management

Collection ID Usage

  • Required for all operations
  • Organizes secrets by environment
  • Enables access control
  • Supports filtering

Syntax Examples

Use secret skill with collectionId:prod-vault
Use secret skill with collectionId:dev-config with key:api-key and sortField:timestamp

Secret Operations

List Secrets

// Basic listing
const url = SECRETS_URL + '?format=light&isSecret=true&orderedBy=createdAt:desc&collectionId=XXX';

// With filtering
const url = SECRETS_URL + '?key=apiKey&sortField=timestamp&collectionId=XXX';

Retrieve by Key

const url = SECRETS_URL + '?key=salesforceLogin&orderedBy=createdAt:desc&limit=1&decryptSecrets=true&collectionId=XXX';

Retrieve by ID

const url = SECRET_URL + '/IGZ1a45felWHzqfYZANL?decryptSecrets=true&collectionId=XXX';

Response Formats

Secret List Response

[
  {
    "id": "YzjuXcFlRkkerg1XGQ3z",
    "createdAt": "2025-01-09T00:40:35.303Z",
    "sortField": "2025-01-09T00:40:35.076Z",
    "key": "test22",
    "updatedAt": "2025-01-09T00:40:35.303Z"
  }
]

Secret Content Response

[
  {
    "id": "IGZ1a45felWHzqfYZANL",
    "key": "salesforceLogin",
    "content": {
      "username": "myuser",
      "password": "mypass",
      "apiKey": "abc123",
      "other": {"customvar": "customval"}
    }
  }
]

Creating Secrets

Basic Creation

const url = SECRETS_URL + '?collectionId=XXX';
const data = {
  key: "apiCredentials",
  content: {
    apiKey: "your-api-key",
    apiSecret: "your-api-secret"
  }
};

With Metadata

const data = {
  key: "databaseConfig",
  content: {
    host: "db.example.com",
    username: "dbuser",
    password: "secure-password"
  },
  secretType: "database",
  metadata: {
    environment: "production",
    region: "us-west-2"
  }
};

Updating Secrets

Update by ID

const url = SECRET_URL + '/abc123?collectionId=XXX';
const data = {
  content: {
    apiKey: "updated-api-key",
    apiSecret: "updated-api-secret"
  }
};

Update Options

  • triggerChanges: Enable webhook notifications
  • metadata: Update metadata fields
  • content: Replace secret content

Deleting Secrets

Delete by Key

const url = SECRET_URL + '/apiKey?collectionId=XXX';

Delete by Key and Sort Field

const url = SECRET_URL + '/apiKey?collectionId=XXX&sortField=timestamp';

Delete by Item ID

const url = SECRET_URL + '/apiKey?itemId=abc123&collectionId=XXX';

Query Parameters

Required Parameters

  • collectionId: Vault collection identifier
  • decryptSecrets: Set to true for readable content

Optional Parameters

  • key: Filter by secret key
  • sortField: Filter by sort field
  • format: Response format (light/full)
  • orderedBy: Sort order
  • limit: Result limit
  • triggerChanges: Enable notifications

Best Practices

  1. Security

    • Always decrypt secrets when needed
    • Never hardcode secret values
    • Use appropriate collection IDs
    • Implement proper access controls
  2. Organization

    • Use descriptive key names
    • Organize by collections
    • Add relevant metadata
    • Maintain consistent naming
  3. Access Patterns

    • Retrieve secrets just-in-time
    • Cache appropriately
    • Handle errors gracefully
    • Audit secret access
  4. Lifecycle Management

    • Rotate secrets regularly
    • Update expired credentials
    • Clean up unused secrets
    • Monitor secret usage

Common Use Cases

API Integration

/get-secret retrieve "third-party-api" credentials for service integration

Database Connection

/get-secret get "production-db" connection string for application

Authentication

/get-secret fetch "oauth-tokens" for user authentication

Configuration

/get-secret load "app-config" secrets for environment setup

Error Handling

Common Issues

  • Missing collection ID
  • Invalid secret key
  • Decryption failures
  • Permission denied
  • Secret not found

Validation Steps

  1. Verify collection ID exists
  2. Check secret key format
  3. Ensure decryption enabled
  4. Validate permissions
  5. Handle missing secrets

Security Considerations

Encryption

  • Secrets encrypted at rest
  • Secure transmission
  • Key management
  • Access logging
  • Audit trails

Access Control

  • Collection-based permissions
  • User authentication
  • Role-based access
  • Activity monitoring
  • Compliance tracking

Integration Examples

Environment Configuration

/get-secret load all environment variables from "app-config" collection

Service Authentication

/get-secret retrieve service account credentials for external API calls

Database Access

/get-secret get database connection parameters for data processing

Tips

  • Always specify collectionId for all secret operations
  • Use decryptSecrets=true to get readable secret content
  • Organize secrets by environment or service collections
  • Include metadata for better secret management
  • Handle secret retrieval errors gracefully in your applications
  • Regularly audit and rotate stored secrets for security

The /get-secret command enables you to securely retrieve and manage secrets from your vault. Perfect for:

  • Accessing API credentials
  • Retrieving database passwords
  • Managing authentication tokens
  • Storing sensitive configuration
  • Secure credential management

Basic Usage

Use the command to work with secrets:

/get-secret retrieve API credentials from vault collection "prod-secrets"
/get-secret list all secrets in collection "dev-config"
/get-secret create new secret "database-password" in collection "secure-vault"

Key Features

Secure Storage

  • Encrypted secret storage
  • Vault collection organization
  • Access control
  • Audit logging
  • Secure transmission

Management Operations

  • List secrets
  • Retrieve by key or ID
  • Create new secrets
  • Update existing secrets
  • Delete secrets

Flexible Access

  • Collection-based organization
  • Key-based retrieval
  • ID-based access
  • Filtered searches
  • Metadata support

Example Commands

List Secrets

/get-secret list all secrets in collection "api-keys"

Get Specific Secret

/get-secret retrieve "salesforce-login" from collection "crm-secrets"

Create Secret

/get-secret create "stripe-api-key" with API credentials in collection "payment-secrets"

Update Secret

/get-secret update secret ID "abc123" with new credentials

Delete Secret

/get-secret delete "old-api-key" from collection "deprecated-secrets"

Collection Management

Collection ID Usage

  • Required for all operations
  • Organizes secrets by environment
  • Enables access control
  • Supports filtering

Syntax Examples

Use secret skill with collectionId:prod-vault
Use secret skill with collectionId:dev-config with key:api-key and sortField:timestamp

Secret Operations

List Secrets

// Basic listing
const url = SECRETS_URL + '?format=light&isSecret=true&orderedBy=createdAt:desc&collectionId=XXX';

// With filtering
const url = SECRETS_URL + '?key=apiKey&sortField=timestamp&collectionId=XXX';

Retrieve by Key

const url = SECRETS_URL + '?key=salesforceLogin&orderedBy=createdAt:desc&limit=1&decryptSecrets=true&collectionId=XXX';

Retrieve by ID

const url = SECRET_URL + '/IGZ1a45felWHzqfYZANL?decryptSecrets=true&collectionId=XXX';

Response Formats

Secret List Response

[
  {
    "id": "YzjuXcFlRkkerg1XGQ3z",
    "createdAt": "2025-01-09T00:40:35.303Z",
    "sortField": "2025-01-09T00:40:35.076Z",
    "key": "test22",
    "updatedAt": "2025-01-09T00:40:35.303Z"
  }
]

Secret Content Response

[
  {
    "id": "IGZ1a45felWHzqfYZANL",
    "key": "salesforceLogin",
    "content": {
      "username": "myuser",
      "password": "mypass",
      "apiKey": "abc123",
      "other": {"customvar": "customval"}
    }
  }
]

Creating Secrets

Basic Creation

const url = SECRETS_URL + '?collectionId=XXX';
const data = {
  key: "apiCredentials",
  content: {
    apiKey: "your-api-key",
    apiSecret: "your-api-secret"
  }
};

With Metadata

const data = {
  key: "databaseConfig",
  content: {
    host: "db.example.com",
    username: "dbuser",
    password: "secure-password"
  },
  secretType: "database",
  metadata: {
    environment: "production",
    region: "us-west-2"
  }
};

Updating Secrets

Update by ID

const url = SECRET_URL + '/abc123?collectionId=XXX';
const data = {
  content: {
    apiKey: "updated-api-key",
    apiSecret: "updated-api-secret"
  }
};

Update Options

  • triggerChanges: Enable webhook notifications
  • metadata: Update metadata fields
  • content: Replace secret content

Deleting Secrets

Delete by Key

const url = SECRET_URL + '/apiKey?collectionId=XXX';

Delete by Key and Sort Field

const url = SECRET_URL + '/apiKey?collectionId=XXX&sortField=timestamp';

Delete by Item ID

const url = SECRET_URL + '/apiKey?itemId=abc123&collectionId=XXX';

Query Parameters

Required Parameters

  • collectionId: Vault collection identifier
  • decryptSecrets: Set to true for readable content

Optional Parameters

  • key: Filter by secret key
  • sortField: Filter by sort field
  • format: Response format (light/full)
  • orderedBy: Sort order
  • limit: Result limit
  • triggerChanges: Enable notifications

Best Practices

  1. Security

    • Always decrypt secrets when needed
    • Never hardcode secret values
    • Use appropriate collection IDs
    • Implement proper access controls
  2. Organization

    • Use descriptive key names
    • Organize by collections
    • Add relevant metadata
    • Maintain consistent naming
  3. Access Patterns

    • Retrieve secrets just-in-time
    • Cache appropriately
    • Handle errors gracefully
    • Audit secret access
  4. Lifecycle Management

    • Rotate secrets regularly
    • Update expired credentials
    • Clean up unused secrets
    • Monitor secret usage

Common Use Cases

API Integration

/get-secret retrieve "third-party-api" credentials for service integration

Database Connection

/get-secret get "production-db" connection string for application

Authentication

/get-secret fetch "oauth-tokens" for user authentication

Configuration

/get-secret load "app-config" secrets for environment setup

Error Handling

Common Issues

  • Missing collection ID
  • Invalid secret key
  • Decryption failures
  • Permission denied
  • Secret not found

Validation Steps

  1. Verify collection ID exists
  2. Check secret key format
  3. Ensure decryption enabled
  4. Validate permissions
  5. Handle missing secrets

Security Considerations

Encryption

  • Secrets encrypted at rest
  • Secure transmission
  • Key management
  • Access logging
  • Audit trails

Access Control

  • Collection-based permissions
  • User authentication
  • Role-based access
  • Activity monitoring
  • Compliance tracking

Integration Examples

Environment Configuration

/get-secret load all environment variables from "app-config" collection

Service Authentication

/get-secret retrieve service account credentials for external API calls

Database Access

/get-secret get database connection parameters for data processing

Tips

  • Always specify collectionId for all secret operations
  • Use decryptSecrets=true to get readable secret content
  • Organize secrets by environment or service collections
  • Include metadata for better secret management
  • Handle secret retrieval errors gracefully in your applications
  • Regularly audit and rotate stored secrets for security