Use workspace secrets
Workspace secrets store sensitive credentials for automations and AI employee tool use without exposing raw values in chat or browser code.
What workspace secrets are for
Slack tokens
GitHub API keys
External service auth headers
Webhook or API credentials used by automations or AI employee HTTP requests
Best-practice guidance
Secrets are stored separately from public integration metadata.
Secret values should not be pasted into browser code or shared in normal chat.
The UI should show masked values rather than raw values.
Add a secret once in workspace settings, then let the employee or automation reference it safely.
Related wording to keep straight
Authorize URLs are not secrets.
Client secrets, access tokens, refresh tokens, and external service keys are secrets.
If a flow only needs public metadata, do not tell users to save it as a secret.
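The guidance above, sketched as an added example that is not the product's own code: public metadata is split from secret values, a reference is resolved server-side at request time, and only masked values are returned for display or logs. The `{{secrets.NAME}}` reference syntax, the field names, and all sample values are assumptions made for illustration.

```python
import re

# Field names treated as secrets, following the page's list (names are assumptions).
SECRET_FIELDS = {"client_secret", "access_token", "refresh_token", "api_key"}
# Hypothetical reference syntax; the page does not define one.
REF = re.compile(r"\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")

# Constructed sample input; none of these values are real credentials.
SAMPLE = {
    "authorize_url": "https://auth.example.com/oauth/authorize",
    "scopes": "chat:write",
    "client_secret": "cs_constructed_0123456789",
    "access_token": "tok_constructed_abcdef",
}

def split_integration(config):
    """Separate public integration metadata from secret values."""
    public, secrets = {}, {}
    for key, value in config.items():
        (secrets if key in SECRET_FIELDS else public)[key] = value
    return public, secrets

def mask(value, visible=4):
    """Masked form for the UI: only the last few characters stay readable."""
    if len(value) <= visible * 2:
        return "*" * 8  # too short to reveal any part of it
    return "*" * 8 + value[-visible:]

def resolve(template, store):
    """Server-side substitution of {{secrets.NAME}}; unknown names fail closed."""
    def repl(match):
        name = match.group(1)
        if name not in store:
            raise KeyError(f"unknown workspace secret: {name}")
        return store[name]
    return REF.sub(repl, template)

def redact(text, store):
    """Replace any resolved secret value with its masked form before logging."""
    for value in store.values():
        text = text.replace(value, mask(value))
    return text

def demo():
    public, secrets = split_integration(SAMPLE)
    header = resolve("Authorization: Bearer {{secrets.access_token}}", secrets)
    return public, header, redact(header, secrets)
```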