Migration Rest Portal

Build Apps

Go Headless

Client

API Preview

Develop Websites

REST

GraphQL (Alpha)

# Velo: About the Secrets Manager

<div style="background: #D9F4F4; border: 1px solid #B3E9E8; border-radius: 6px; padding: 7px 17px 7px 17px; width: max-content; margin-top: 5px; margin-bottom: 5px;">Visit the <a style="text-decoration: color: #3197EF;" href="fallback::https://www.wix.com/velo" target="_blank">Velo by Wix website</a> to onboard and continue learning.</div>

Velo's Secrets Manager lets you securely store secrets such as API keys. The value of each secret is safely stored and encrypted in the Secrets Manager in your site's dashboard so that only you can access it. You choose a name for each secret, which is used in your site's code.

![](https://wixmp-833713b177cebf373f611808.wixmp.com/images/about-the-secrets-manager-md__tmp_git-push-eventa0923d278bc9b595128ea3dbbbd6d917_velo-articles_developer-tools_images_secrets_list.jpg)

To use the Secrets Manager:
+ Wix Studio: If necessary, click ![Code icon](https://github.com/wix-incubator/wix-code-docs/assets/50321691/2c41d3df-930f-4e0f-966f-038742adceed) and then **Start Coding**. 
+ Wix Editor: [Enable Velo Dev Mode](resourceId::f91d5d8e-9c8c-4f9b-b0be-2ee626096172*fallback::https://github.com/wix-private/developer-docs/blob/b0f6d8236a0258d9ee3e849c4b62c8adf08e6821/velo-articles/Wix%20Members%20with%20Velo/Enabling%20Custom%20Site%20Registration.md) for your site.

To access the Secrets Manager:

Select **Developer Tools** from the Code sidebar (Wix studio), or the Velo Sidebar (Wix Editor). Under the Security section, select **Secrets Manager**. Alternatively, you can select **Developer Tools** in your site's [dashboard](fallback::https://support.wix.com/en/article/accessing-your-sites-dashboard). Then select **Secrets Manager**.

### Protect Your Secrets

Sometimes you may need to add private information such as an API key to your site's code. For example, Velo allows you to integrate 3rd-party services with your site, such as Stripe and SendGrid. Some 3rd-party services require an API key for authentication. The service provides you with the key, which you add to the code that calls their service.

API keys and other Secrets are a sensitive resource, since they usually allow you to perform restricted operations. Never add secrets to your page, site, and public code, since anyone can access them. Backend code is secured, but you should follow security best practices and store your secrets separately from the code. Here's why:

*   **Code Sharing:** You may want to collaborate and share your code with others or manage it in a public repository, increasing the potential for accidental leakage of secrets.
*   **Code Reuse:** Since code is often reused, your hardcoded secrets may be copied, increasing risk of exposure.
*   **Public Exposure:** Hardcoded secrets are visible on your screen, exposing them to potential passerby.

Instead of hardcoding your secrets, you can use the Secrets Manager and the Velo [Secrets API](fallback::https://www.wix.com/corvid/reference/wix-secrets-backend.html) to safely work with secrets in your code.

### How It Works

Follow this general procedure for working with API keys or other secrets using the Secrets Manager:

1.  Get private information such as an API key from a 3rd-party service.
2.  Store the private information as a new secret in the Secrets Manager. Assign a name to the secret.
3.  In your **backend** code, instead of hardcoding the API key, use the `getSecret()` function with the secret name assigned in the Secrets Manager. When the code runs, the value of the secret is extracted from the Secrets Manager.

```javascript
import {getSecret} from 'wix-secrets-backend';

//...
const mySecret = await getSecret("myApiKeyName");
```

>**What's Next** 
> *   [Learn how to add and edit secrets in the Secrets Manager.](fallback::https://support.wix.com/en/article/corvid-working-with-the-secrets-manager)
> *   [Learn how to work with the Secrets API.](fallback::https://www.wix.com/corvid/reference/wix-secrets-backend.html)