Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.overcut.ai/llms.txt

Use this file to discover all available pages before exploring further.

The Vault is Overcut’s built-in secrets manager for project-scoped credentials: API keys, tokens, passwords, and connection strings used by a single project’s workflows, agents, and MCP servers. Values are encrypted at rest and injected as environment variables when workflows execute. Secrets are never exposed to the LLM, only to the agent’s sandbox environment. The Vault lives inside Project Settings at Project → Project Settings → Project Vault. Each project has its own independent vault. For platform-wide credentials shared across every project (such as the Claude API key used by the Claude Agent SDK), use Workspace Secrets instead.

Overview

Encrypted Storage

Secret values are encrypted before being stored. They cannot be read back through the UI or API, only updated or deleted.

Selective Assignment

Assign secrets to specific workflows, agents, and MCP servers, or make them available globally for all executions.

Environment Injection

Secrets are injected as environment variables at runtime. Reference them in MCP server configs using syntax.

LLM-Safe

Secret values are never sent to the AI model. They exist only in the execution sandbox as environment variables.

Creating a Secret

Open the Project Vault

Open the project, then go to Project Settings → Project Vault.

Add a new secret

Click New Secret and enter a name and value.

Name format

Secret names must start with an uppercase letter and contain only uppercase letters, numbers, and underscores. For example: API_KEY, GITHUB_TOKEN, DB_PASSWORD_PROD.

Set availability

Toggle Available for All Executions to make the secret accessible to every workflow and agent automatically. When disabled, you must explicitly assign the secret to specific workflows or agents.
Secret values have a maximum size of 10KB. Once created, the name cannot be changed, only the value can be updated.

Assigning Secrets

Secrets can be scoped in two ways:

Global Availability

Toggle Available for All Executions on a secret to inject it into every workflow run automatically. Use this for shared credentials that most workflows need, such as a third-party API key used across multiple MCP servers.

Per-Workflow, Per-Agent, and Per-MCP Server

For secrets that should only be available to specific workflows, agents, or MCP servers:

Assign to a workflow

Open the workflow settings, scroll to the Secrets section, and add the secrets this workflow needs.

Assign to an agent

Open the agent settings, scroll to the Secrets section, and add the secrets this agent needs.

Assign to an MCP server

Open the MCP server settings, scroll to the Secrets section, and attach the secrets this server needs.
At runtime, Overcut merges secrets from all four sources (global secrets, workflow-assigned secrets, agent-assigned secrets, and MCP server-assigned secrets) and injects them into the execution environment.

Referencing Secrets

Use the ${VAR_NAME} syntax to reference vault secrets in MCP server configurations. At runtime, Overcut replaces each placeholder with the actual secret value. Example MCP server config referencing vault secrets: 
{
  "command": "npx",
  "args": ["-y", "figma-developer-mcp", "--stdio"],
  "env": {
    "FIGMA_API_KEY": "${FIGMA_API_KEY}"
  }
}
When this MCP server starts, ${FIGMA_API_KEY} is replaced with the decrypted value from the vault. The LLM never sees the actual key, only the tool interface exposed by the MCP server.
Make sure the secret is either set to Available for All Executions or explicitly assigned to the MCP server (or the workflow/agent that uses it). Otherwise the placeholder will not resolve.

Security Model

Encryption at Rest

All secret values are encrypted before being written to the database. Decryption only happens at execution time through an internal, authenticated endpoint.

No Read-Back

Secret values cannot be read back through the UI or API. The vault only tells you whether a value exists (hasValue). To change a secret, you enter the new value; you cannot view the current one.

Audit Trail

Every vault operation (create, update, delete, toggle availability) is logged with the secret name (never the value), project ID, and the user who performed the action.

LLM Isolation

Secrets are injected as environment variables into the agent’s sandbox process. The AI model interacts with tools and APIs through those processes but never receives the secret values in its prompt or context.

Output Filtering

Secret values are automatically filtered from tool outputs before they reach the model. If a tool accidentally returns a response containing a secret value, Overcut redacts it so the secret is never exposed in the conversation or logs.

Best Practices

  • Use the vault for all credentials: never hardcode API keys, tokens, or passwords in MCP server configs or agent instructions.
  • Prefer per-workflow/per-agent assignment over global availability when a secret is only needed by a few workflows. This follows the principle of least privilege.
  • Use descriptive names that make it clear what the secret is for: DATADOG_API_KEY is better than KEY_1.
  • Rotate secrets by updating the value in the vault. All workflows and MCP servers referencing that secret will pick up the new value on their next execution. No config changes needed.

Next Steps