Secrets are encrypted credentials available as environment variables in your agents. Manage them at agents.pinata.cloud/secrets or use the CLI.
Secret values cannot be viewed after saving. Store credentials securely before adding.
Secrets Vault
The vault has two sections:
AI Providers — Quick-access cards for LLM provider keys (ANTHROPIC_API_KEY, OPENAI_API_KEY, OPENROUTER_API_KEY). Shows “Connected” when configured.
Variables and Secrets — All other secrets and variables, showing name and which agents use them.
Connecting LLM Providers
The fastest way to add an LLM provider key is through the command palette (⌘K):
- Connect Anthropic → ANTHROPIC_API_KEY
- Connect OpenAI → OPENAI_API_KEY
- Connect OpenRouter → OPENROUTER_API_KEY
OpenAI Connection Options
OpenAI offers two connection methods:
| Tab | Description |
|---|---|
| Codex Subscription | Connect using your OpenAI Codex subscription via OAuth |
| API Key | Enter an API key manually |
Codex Subscription requires the Pinata CLI:
pinata agents auth openai --oauth
This opens a browser flow to authenticate with OpenAI and stores OPENAI_OAUTH_TOKEN in your secrets vault. See CLI auth for all provider options.
Adding Secrets and Variables
Use the command palette or click Add Secret:
| Action | Description |
|---|---|
| Add Secret | Create an encrypted secret (for API keys, tokens) |
| Add Variable | Create an environment variable |
| Import .env file | Bulk import from a .env file |
Enter a Name (the environment variable name) and Value, then save.
Using Secrets with Agents
During creation: Add secrets in Step 3 (Connect) under “Variables and Secrets”.
After deployment: Open the agent’s Secrets section and add from your vault.
New secrets require an agent restart to take effect.
Updating and Deleting
Click the … menu on any secret to update or delete.
- Updated secrets require agent restart
- Secrets in use by agents cannot be deleted — detach first
Security
- Encrypted at rest with AES-GCM
- Unique derived key per user
- Values never returned by API
- Injected as environment variables, not written to disk
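Because secrets reach the agent only as environment variables and only after a restart, a startup check that names what is missing, without echoing any value, turns a late authentication failure into a clear one. The following is an added example, not Pinata code: it assumes a Python agent, the function names are hypothetical, `DATABASE_URL` is a made-up extra secret, and the sample environment is constructed.

```python
import os

# Variable names as listed on this page. How an agent picks its provider
# is an assumption of this example, not documented behaviour.
PROVIDER_VARS = {
    "anthropic": ("ANTHROPIC_API_KEY",),
    "openai": ("OPENAI_API_KEY", "OPENAI_OAUTH_TOKEN"),  # API key or Codex OAuth
    "openrouter": ("OPENROUTER_API_KEY",),
}


class MissingSecret(RuntimeError):
    """Raised at startup when a required secret is absent or blank."""


def connected_providers(env=None):
    """Map provider -> name of the variable that satisfies it (never the value)."""
    env = os.environ if env is None else env
    found = {}
    for provider, names in PROVIDER_VARS.items():
        for name in names:
            # A whitespace-only value counts as missing.
            if env.get(name, "").strip():
                found[provider] = name
                break
    return found


def require(providers, extra=(), env=None):
    """Fail fast, reporting missing names only; values are never included."""
    env = os.environ if env is None else env
    found = connected_providers(env)
    missing = ["/".join(PROVIDER_VARS[p]) for p in providers if p not in found]
    missing += [n for n in extra if not env.get(n, "").strip()]
    if missing:
        hint = " (attach them to the agent, then restart it)"
        raise MissingSecret("missing secrets: " + ", ".join(missing) + hint)
    return found


if __name__ == "__main__":
    # Constructed sample environment; values are placeholders, not real keys.
    sample = {"OPENAI_OAUTH_TOKEN": "placeholder", "ANTHROPIC_API_KEY": "  "}
    print(connected_providers(sample))
    try:
        require(["openai", "anthropic"], extra=["DATABASE_URL"], env=sample)
    except MissingSecret as exc:
        print(exc)
```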