Get Started
Secrets at Brainbase
Secrets are the credentials your agents need to work with private systems: API keys, tokens, integration credentials, and other sensitive values. Brainbase stores those credentials securely and delivers them to the agent only when a run needs them.
Storage
- Encrypted at rest: Secrets are held in a managed, access-controlled secret store and encrypted at rest.
- Scoped to a single agent: Each secret belongs to exactly one agent. Secrets are never shared implicitly across agents, teams, or workspaces.
- Least-privilege access: Only authorized managers can set or read secret values through the API. Everyone else operates without ever receiving them.
Runtime injection
- Delivered only at execution: When an agent runs, its secrets are injected into that run's isolated sandbox as environment variables and nowhere else.
- Per-run and ephemeral: Each task gets a fresh sandbox. Secrets live only for the lifetime of that run and are gone when it ends.
- Scoped credentials, not broad ones: Injection uses a narrow, agent-scoped credential, so a single run can never reach beyond that agent's own secrets.
- Native to the agent: Your agent reads secrets the standard way, through environment variables such as
process.env.KEY. Secrets do not need to live in code, prompts, or configuration.
Be careful with secret output
Agents are instructed not to echo secrets, but a user could still prompt an agent to print environment variables or write them to a file. Treat secret-bearing agents carefully and avoid asking them to expose runtime environment values.
Safeguards
- Automatic redaction: Logs, events, and transcripts pass through a multi-layer redactor that detects and masks known credential formats and high-entropy values before anything is persisted.
- No third-party exposure: Secrets stay within Brainbase's infrastructure and the agent's own runtime. They are never sent to outside services.
- Rotate anytime: Update or rotate a secret, and the change applies on the agent's next run automatically.