Secrets¶
You can set secrets that can be used by your processes.
To define secrets, you just need to use the _secrets
prefix in your process YAML file.
For example, let’s say that you need an API KEY for an HTTP Request Service Task to connect to an external system. It’s not a good idea to have the API KEY in the code, thus, you should use a secret.
# myProcess.yml
serviceTasks:
fetchMyData:
type: httpRequest
name: Fetch data example
method: GET
url: https://example.com/myEndpoint
query:
apikey: "{{_secrets.mySecretApiKey}}"
After publishing your process, in the app settings screen, you will be able to set the value of your secret.

Secrets are stored in a protected Vault instance. Users with manage-apps
permissions can modify secret values.
Warning
Smartmate does not allow to view secrets to any user. Secrets are only visible by the system.
BUT
When developing processes, you should avoid displaying secrets on forms, sending them through email, or sending them to services you don’t trust, etc.
This is just common sense, but still, it’s important to emphasize.