Skip to main content

Managing Secrets

Secrets let you pass credentials, API keys, and other sensitive values to pipeline components without embedding them in your pipeline YAML or argument fields.

Secret values are stored securely on the TangleML backend and referenced by name at runtime. The value is never stored in the browser or in the pipeline definition — only the secret name is.

Managing secrets

Navigate to Settings → Secrets to view and manage your secrets.

Adding a secret

  1. Click Add Secret.
  2. Enter a name for the secret. This name is used to reference the secret in component arguments.
  3. Enter the value.
  4. Click Save.

Replacing a secret

Secret values cannot be read back from the backend after they are saved. To update a secret's value:

  1. Find the secret in the list and click Replace.
  2. Enter the new value.
  3. Click Save.

Deleting a secret

Click the delete icon next to a secret to remove it permanently.

warning

Deleting a secret that is referenced in a pipeline argument will cause that argument to fail at execution time. Update any pipelines that reference the secret before deleting it.

Using secrets in component arguments

When configuring a task input in the pipeline editor, click the dynamic data button (database icon) next to an argument field to switch from a static value to a dynamic source.

The dynamic data panel provides two categories:

  • Secrets: Lists all secrets stored in your TangleML instance. Select one to bind the argument to that secret's value. At execution time, the backend injects the actual value — it is not visible in the editor or the pipeline YAML.
  • System data: Runtime-provided values such as the pipeline run ID, pipeline name, and current timestamp. Useful for generating unique output paths or annotating runs without hardcoding values.

The argument field displays the secret or system data name rather than its value. The resolved value is only available to the executing component at runtime.

tip

System data arguments are particularly useful for outputting artifacts to unique per-run paths, for example: combining the run ID with a fixed prefix to avoid collisions across multiple runs of the same pipeline.