Velo's Secrets Manager lets you securely store secrets such as API keys. The value of each secret is safely stored and encrypted in the Secrets Manager in your site's dashboard so that only you can access it. You choose a name for each secret, which is used in your site's code.
To use the Secrets Manager:
To access the Secrets Manager:
Select Developer Tools from the Code sidebar (Wix studio), or the Velo Sidebar (Wix Editor). Under the Security section, select Secrets Manager. Alternatively, you can select Developer Tools in your site's dashboard. Then select Secrets Manager.
Sometimes you may need to add private information such as an API key to your site's code. For example, Velo allows you to integrate 3rd-party services with your site, such as Stripe and SendGrid. Some 3rd-party services require an API key for authentication. The service provides you with the key, which you add to the code that calls their service.
API keys and other Secrets are a sensitive resource, since they usually allow you to perform restricted operations. Never add secrets to your page, site, and public code, since anyone can access them. Backend code is secured, but you should follow security best practices and store your secrets separately from the code. Here's why:
Instead of hardcoding your secrets, you can use the Secrets Manager and the Velo Secrets API to safely work with secrets in your code.
Follow this general procedure for working with API keys or other secrets using the Secrets Manager:
getSecret()
function with the secret name assigned in the Secrets Manager. When the code runs, the value of the secret is extracted from the Secrets Manager.1
What's Next