Secrets are encrypted at rest with AES-256-GCM and never appear in logs. They are versioned — every value change creates a new version, and old versions can be restored at any time. Secrets are only available on backend services. Frontend services use pk_ keys and run in untrusted environments — secret values are never sent to the browser.
Steps
Open your service
Navigate to your project, click on your backend service, and select the Secrets tab.

Create a new secret
Click + New Secret. An inline form appears at the top of the list.
Fill in the fields:

| Field | Description |
|---|---|
| Key | Identifier used to read the secret in your code (e.g. database_password) |
| Value | The secret value — masked by default, reveal with the eye icon |
| Type | text for strings and passwords, file for certificates and binary content |
| Description | Optional note on this version (e.g. “Rotated after Q2 audit”) |

Click Create.
Versioning
Every value change creates a new version. The latest version is marked ACTIVE and is what the SDK reads. Older versions remain available — click ↑ on any previous version to restore it (this creates a new version with the old value, keeping the full history intact).
Inherited secrets
Secrets marked INHERITED come from a linked umbrella service. To change the value for all linked services, click the edit icon and use the Open umbrella button to navigate there directly. If you need a different value on this service only, create a new secret with the same key — it will take precedence over the inherited one.
Next steps
Create a config
Add a typed configuration value to your service.
Create a feature flag
Roll out features gradually with targeting rules.
Secrets reference
Full reference: audit trail, file secrets, retention.
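
The restore and precedence rules from the Versioning and Inherited secrets sections, modelled as an added example (this is not the platform's SDK or code from this documentation). The names `Secret`, `resolve` and `shadowed_keys` are hypothetical, and all values are constructed samples. It also shows why a local override deserves review after an umbrella rotation: the service keeps reading its own value.

```python
from dataclasses import dataclass, field


@dataclass
class Secret:
    """Append-only version history for one key; the last entry is ACTIVE."""
    key: str
    versions: list = field(default_factory=list)  # (value, description), oldest first

    def put(self, value, description=""):
        self.versions.append((value, description))
        return len(self.versions)  # 1-based version number

    def restore(self, version):
        # Restoring copies the old value into a NEW version; history is never rewritten.
        value, _ = self.versions[version - 1]
        return self.put(value, f"Restored from v{version}")

    @property
    def active(self):
        return self.versions[-1][0]


def resolve(local, inherited):
    """Effective values for a service: a local key takes precedence over an inherited one."""
    effective = {k: (s.active, "INHERITED") for k, s in inherited.items()}
    effective.update({k: (s.active, "LOCAL") for k, s in local.items()})
    return effective


def shadowed_keys(local, inherited):
    """Keys where a local secret hides the umbrella value and will not follow its rotations."""
    return sorted(set(local) & set(inherited))


def demo():
    # Constructed sample data, not real secrets.
    umbrella = {k: Secret(k) for k in ("database_password", "api_token")}
    umbrella["database_password"].put("umbrella-v1")
    umbrella["api_token"].put("token-v1")

    local = {"database_password": Secret("database_password")}
    local["database_password"].put("local-v1")
    local["database_password"].put("local-v2", "Rotated after Q2 audit")
    local["database_password"].restore(1)  # creates v3 holding the v1 value

    umbrella["database_password"].put("umbrella-v2")  # rotation at the umbrella
    return local, umbrella, resolve(local, umbrella), shadowed_keys(local, umbrella)
```

After the umbrella rotation in `demo()`, the service still resolves `database_password` to its local value, which is the case `shadowed_keys` is meant to surface.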




