What to put in Vault
- API keys for services you want Kazzle to use
- Login details for accounts you want to automate
- Git credentials for private repos
- Webhook secrets for apps
- Database connection strings
- Tokens for SMS, email, payments, analytics, or other tools
Why use Vault
Vault keeps secrets out of chat and source code.- Secrets are encrypted at rest
- The AI does not see the plaintext value
- Chat logs and tool results do not show the secret
- The same saved secret can be reused by apps and automations
- Secrets are scoped to your space
How Kazzle uses a secret
When the AI needs a secret, it uses a saved reference. Kazzle fills in the real value only when the action runs. For example, if an app needs an email API key, the AI can wire the app to use the saved secret without printing the key in the thread.Organizing secrets
Most people can save a secret and use it directly. Bigger apps and teams can organize secrets into:- Collections - groups of secrets for an app, workflow, or service
- Environments - separate values for development and production
Using secrets in apps
When Kazzle builds an app, it can connect the app to secrets in Vault. During preview and deployment, Kazzle provides those secrets to the app without storing them in the app’s code. For generated apps, secrets are usually attached to the app’s component configuration. If you are editing the app manually, see Kazzle CLI for how development commands receive secrets.Developer notes
If you need the technical behavior:- Simple secrets become environment variables for app processes
- Multi-field secrets can hold structured credentials, such as a login with email and password
- Secret references are resolved by Kazzle at runtime
- Production apps receive only the secrets declared for their component
- Browser-facing UI builds should only use public values that are safe to expose