Skip to main content
Secrets are workspace-owned values. Use them for model API keys, OAuth client secrets, service tokens, and other credentials that belong to the app operator. Use integrations when the credential belongs to an app user.

Create a secret

capsule secret create OPENAI_API_KEY=sk-...
List secrets: 
capsule secret list

Inject a secret

app = cpsl.App(
    name="secret-demo",
    image=cpsl.Image(python_packages=["openai"]),
    secrets=["OPENAI_API_KEY"],
)
The secret is available in the app runtime environment.

Resolve a secret explicitly

api_key = cpsl.Secret.from_name("OPENAI_API_KEY").value
This checks the local environment first, then falls back to the runtime resolver.

Use secrets for integration setup

app.add_integration(
    cpsl.GitHub(
        client_id=cpsl.Secret.from_name("GITHUB_CLIENT_ID"),
        client_secret=cpsl.Secret.from_name("GITHUB_CLIENT_SECRET"),
        scopes=["repo"],
    )
)
The OAuth client belongs to the app operator. The connected GitHub credential belongs to the user.