Secrets let you store sensitive values - API keys, passwords, tokens - securely in DataJet. Secret values are encrypted at rest and automatically redacted from script logs, so they never appear in plain text outside your scripts.
Creating a Secret
Go to Settings > Secrets
Click Create secret
Fill in the fields:
Title — A unique name in UPPER_SNAKE_CASE format (e.g. MY_API_KEY, DB_PASSWORD, SMTP_TOKEN). Must start with a letter and contain only uppercase letters, digits, and underscores.
Value — The sensitive value to store. This is encrypted immediately and cannot be viewed again after saving.
Description(optional) — A note to help you remember what this secret is for.
Click Create
Using Secrets in Scripts
Secrets are available in all script types through the secrets object. Reference a secret by its title:
In the Secrets table, click Update next to the secret you want to change
Enter the new value (leave empty to keep the current value)
Optionally update the description
Click Update
The previous value is permanently overwritten — there is no version history for secret values.
Deleting a Secret
Click Delete next to the secret in the table. This is immediate and permanent. Any scripts referencing the deleted secret will receive an empty value for that key.
Log Redaction
Secret values are automatically redacted from all script logs. If a secret's decrypted value appears anywhere in a log entry, it is replaced with [REDACTED] before the log is stored.
This applies to both the {% log %} tag and the | log filter. You do not need to do anything extra — redaction is always active.
Example:
If you have a secret API_KEY with value sk-abc123 and your script logs:
The stored log entry will show: [REDACTED]
Limits
Limit
Value
Secrets per store
50
Maximum value length
10,000 characters
Title format
UPPER_SNAKE_CASE — letters, digits, and underscores only, must start with a letter
