Koyeb Secrets allow you to securely store and retrieve sensitive information like passwords or API tokens. They enable you to secure your code by removing hardcoded credentials and let you pass environment variables securely to your applications.

Another advantage of using Secrets is their reusability. This means that you can easily reuse a Secret value in different Services. Secrets are global to the organization, so all Apps and Services can access the same values.

All Secret values are automatically encrypted server-side to ensure secure storage. To prevent unauthorized access, Secret access must be explicitly granted to your Services.

Create a Secret

A Secret is composed of a name and a value. The name of a Secret must comply with RFC1123 (opens in a new tab), the DNS naming convention, and can only contain lowercase letters, numbers and dashes.

To create a Secret, click Secrets (opens in a new tab) in the top bar of the Koyeb control panel. In the Add secret box, input a Name and Value and click the Create Secret button.

Adding Secrets to a Service

Secrets are used in Services in the following ways:

Delete a Secret


Make sure no production Service is using your Secret before deleting it as this might generate production failures or outages.

Deleting a Secret is permanent and irreversible. When you delete a Secret, all resources using it will lose access to its value.

To delete a Secret, visit the Secrets page (opens in a new tab) in the Koyeb control panel. Click the context menu associated with the Secret and click Delete secret.

Using Secrets in your applications

You can attach a Secret to your Service by setting its value to an environment variable in the Service configuration. The Secret's value can then be accessed within your application using your language's environment variable functionality.

For example, if you set a Secret to an environment variable called DATABASE_URL, you could access it like this: