Company

Secrets

Securely store and manage API keys and credentials in Clerk.io
Secrets

Secrets Management System #

Secrets are stored with AES-256 encryption and can be created, updated, retrieved, and deleted through both the user interface and API. Access to secrets is controlled by role, ensuring that users only see the data relevant to them.

Use Cases #

You can use it to store API tokens and webhook keys, manage credentials for third party services, or handle sensitive data that comes with expiration requirements.

Getting Started #

The Secrets Management System is available in my.clerk.io.

  1. Click your Store name in the upper left corner
  2. Click your Company name in the top of the dropdown
  3. Click Secrets
  4. Click the button Create Secret
  5. Enter a Secret Name
  6. Enter a Secret Value, this value will be encrypted and stored securely
  7. (Optional) Set a Secret Expiration. If not set this secret will never expire unless manually deleted.
  8. Click Create Secret

Access and permissions #

  • Scope: Secrets live at the Company level and are not Store-specific.
  • Client users: Users can only see and manage the secrets they created themselves.
  • Company roles: Admins and Managers do not gain visibility into other users’ secrets.
  • Clerk staff: Authorized Clerk staff accounts can access secrets across clients when required for support.
Secrets are not shared with other users in your Company. If a teammate needs access, ask them to create their own secret or share the value via your internal process.

Expiration #

  • Optional expiry: Add an expiration when creating or editing a secret.
  • After expiry: Expired secrets are treated as inactive and cannot be retrieved via the UI or API.
  • Renewal: Update the expiration date to reactivate, or create a new secret to rotate credentials.