Skip to main content
Use Secrets to securely store sensitive information like passwords and API keys. Use Secrets for all third-party API keys.
Secrets management

How do I add a secret?

  1. Go to Secrets in the sidebar
  2. Enter a name (like TWILIO_API_KEY) and value
  3. Pick which environments should receive it: Production, Development, or both
  4. Click Save

How do I use secrets in my app?

Hercules automatically uses your secrets when building features:
  • “Send emails with SendGrid” uses your SENDGRID_API_KEY
  • “Send SMS with Twilio” uses your TWILIO_API_KEY
Secrets are referenced in code with process.env.SECRET_NAME.

What are environments?

Each secret is scoped to one or more environments:
  • Production is your live app.
  • Development covers your development deployments.
A secret set for both environments is available everywhere. A secret set for only one environment is invisible to the other. See Environments for how development deployments work.

Can I mark a secret as sensitive?

Yes. Check Sensitive when adding a secret to encrypt and hide the value after saving. Sensitive values can’t be revealed again. To change a sensitive secret, edit it and enter a new value (leave blank to keep the current one).

Can Hercules AI see my secrets?

Hercules AI can see your secret names but not values. This lets it reference the correct secret when building features without exposing sensitive data.

Additional FAQ

Hercules includes some predefined secrets for internal functionality (Hercules API keys, auth/OIDC tokens). These are marked as managed and you can’t edit or delete them.
Yes. Add the same key twice, once scoped to Production and once scoped to Development, each with its own value.
Immediately delete the old secret (in Hercules and the third-party) and create a new one with the fresh key.
Secrets are encrypted at rest and never appear in your code or logs.