Overview
Encrypted Storage
Secret values are encrypted before being stored. They cannot be read back through the UI or API — only updated or deleted.
Selective Assignment
Assign secrets to specific workflows and agents, or make them available globally for all executions.
Environment Injection
Secrets are injected as environment variables at runtime. Reference them in MCP server configs using syntax.
LLM-Safe
Secret values are never sent to the AI model. They exist only in the execution sandbox as environment variables.
Creating a Secret
Name format
Secret names must start with an uppercase letter and contain only uppercase letters, numbers, and underscores. For example:
API_KEY, GITHUB_TOKEN, DB_PASSWORD_PROD.Secret values have a maximum size of 10KB. Once created, the name cannot be changed — only the value can be updated.
Assigning Secrets
Secrets can be scoped in two ways:Global Availability
Toggle Available for All Executions on a secret to inject it into every workflow run automatically. Use this for shared credentials that most workflows need, such as a third-party API key used across multiple MCP servers.Per-Workflow and Per-Agent
For secrets that should only be available to specific workflows or agents:Assign to a workflow
Open the workflow settings, scroll to the Secrets section, and add the secrets this workflow needs.
Referencing Secrets
Use the${VAR_NAME} syntax to reference vault secrets in MCP server configurations. At runtime, Overcut replaces each placeholder with the actual secret value.
Example — MCP server config referencing vault secrets:
${FIGMA_API_KEY} is replaced with the decrypted value from the vault. The LLM never sees the actual key — it only sees the tool interface exposed by the MCP server.
Security Model
Encryption at Rest
All secret values are encrypted before being written to the database. Decryption only happens at execution time through an internal, authenticated endpoint.No Read-Back
Secret values cannot be read back through the UI or API. The vault only tells you whether a value exists (hasValue). To change a secret, you enter the new value — you cannot view the current one.
Audit Trail
Every vault operation — create, update, delete, toggle availability — is logged with the secret name (never the value), project ID, and the user who performed the action.LLM Isolation
Secrets are injected as environment variables into the agent’s sandbox process. The AI model interacts with tools and APIs through those processes but never receives the secret values in its prompt or context.Output Filtering
Secret values are automatically filtered from tool outputs before they reach the model. If a tool accidentally returns a response containing a secret value, Overcut redacts it so the secret is never exposed in the conversation or logs.Best Practices
- Use the vault for all credentials — never hardcode API keys, tokens, or passwords in MCP server configs or agent instructions.
- Prefer per-workflow/per-agent assignment over global availability when a secret is only needed by a few workflows. This follows the principle of least privilege.
- Use descriptive names that make it clear what the secret is for:
DATADOG_API_KEYis better thanKEY_1. - Rotate secrets by updating the value in the vault. All workflows and MCP servers referencing that secret will pick up the new value on their next execution — no config changes needed.
Next Steps
- MCP Servers — Connect external tools to your agents and reference vault secrets in their configuration
- Workspace Settings — Configure workspace-level settings and defaults
- Core Building Blocks — Understand how agents, actions, and triggers connect