Skip to Content
DocumentationFeaturesSecrets Management

Secrets Management

Loopstack provides built-in tools for requesting and retrieving secrets (API keys, tokens, etc.) from users at runtime.

Overview

Secrets are requested from the user via RequestSecretsTool and stored securely. They can later be retrieved with GetSecretKeysTool to verify availability.

Available Tools

ToolSourceDescription
RequestSecretsTool@loopstack/coreRequest secrets from the user via a UI prompt
GetSecretKeysTool@loopstack/coreList stored secret keys and their availability
SecretRequestDocument@loopstack/coreDocument displaying the secret input form

Example Workflow

import { BaseWorkflow, Final, Initial, InjectTool, ToolResult, Transition, Workflow } from '@loopstack/common';
import { GetSecretKeysTool, MarkdownDocument, RequestSecretsTool, SecretRequestDocument } from '@loopstack/core';
 
@Workflow({ uiConfig: __dirname + '/secrets-example.ui.yaml' })
export class SecretsExampleWorkflow extends BaseWorkflow {
  @InjectTool() private requestSecrets: RequestSecretsTool;
  @InjectTool() private getSecretKeys: GetSecretKeysTool;
 
  secretKeys?: Array<{ key: string; hasValue: boolean }>;
 
  @Initial({ to: 'requesting_secrets' })
  async requestSecretsFromUser() {
    // Request specific secrets from the user
    await this.requestSecrets.call({
      variables: [{ key: 'EXAMPLE_API_KEY' }, { key: 'EXAMPLE_SECRET' }],
    });
 
    // Display the secret request form
    await this.repository.save(SecretRequestDocument, {
      variables: [{ key: 'EXAMPLE_API_KEY' }, { key: 'EXAMPLE_SECRET' }],
    });
  }
 
  @Transition({ from: 'requesting_secrets', to: 'verifying', wait: true })
  async secretsSubmitted() {
    // Verify which secrets are now available
    const result: ToolResult<Array<{ key: string; hasValue: boolean }>> = await this.getSecretKeys.call({});
    this.secretKeys = result.data;
  }
 
  @Final({ from: 'verifying' })
  async showResult() {
    await this.repository.save(MarkdownDocument, {
      markdown: this.render(__dirname + '/templates/secretsVerified.md', {
        secretKeys: this.secretKeys,
      }),
    });
  }
}

How It Works

  1. RequestRequestSecretsTool tells the framework which secrets are needed
  2. DisplaySecretRequestDocument shows a secure input form in the UI
  3. Wait — The workflow pauses (wait: true) until the user submits the secrets
  4. VerifyGetSecretKeysTool checks which secrets are now stored
  5. Use — Secrets are available as environment variables in subsequent tool calls

Template Example

# Secrets Verification
 
{{#each secretKeys}}
 
- **{{this.key}}**: {{#if this.hasValue}}Stored{{else}}Missing{{/if}}
  {{/each}}

Registry References

  • secrets-example-workflow  — Request secrets from user, verify storage, and display results with both direct workflow and agent-based approaches
Last updated on