You can set secrets that can be used by your processes.

To define secrets, you just need to use the _secrets prefix in your process YAML file.

For example, let’s say that you need an API KEY for an HTTP Request Service Task to connect to an external system. It’s not a good idea to have the API KEY in the code, thus, you should use a secret.

# myProcess.yml


    type: httpRequest
    name: Fetch data example
    method: GET
      apikey: "{{_secrets.mySecretApiKey}}"

After publishing your process, in the app settings screen, you will be able to set the value of your secret.

Settings Secrets Screen

Secrets are stored in a protected Vault instance. Users with manage-apps permissions can modify secret values.


Smartmate does not allow to view secrets to any user. Secrets are only visible by the system.


When developing processes, you should avoid displaying secrets on forms, sending them through email, or sending them to services you don’t trust, etc.

This is just common sense, but still, it’s important to emphasize.