SecretService
Section titled “SecretService”Service for managing organization-scoped Daytona Secrets.
This service provides methods to create, list, get, update, and delete Secrets. Secrets can be
mounted into Sandboxes as environment variables by referencing them via the secrets field on
the create-sandbox parameters. The Sandbox only ever sees the Secret’s opaque placeholder; the
real value is substituted at the network egress layer for the Secret’s allowed hosts.
Constructors
Section titled “Constructors”new SecretService()
Section titled “new SecretService()”new SecretService(secretApi: SecretApi): SecretServiceParameters:
secretApiSecretApi
Returns:
SecretService
Methods
Section titled “Methods”create()
Section titled “create()”create(params: CreateSecretParams): Promise<Secret>Creates a new Secret.
Parameters:
paramsCreateSecretParams - Parameters for the new Secret
Returns:
Promise<Secret>- The newly created Secret (without the plaintextvalue)
Throws:
If a Secret with the same name already exists in the organization
Example:
const daytona = new Daytona();const secret = await daytona.secret.create({ name: "anthropic-prod", value: "sk-ant-...", hosts: ["api.anthropic.com"],});console.log(`Created secret ${secret.name} with placeholder ${secret.placeholder}`);delete()
Section titled “delete()”delete(secretId: string): Promise<void>Deletes a Secret.
Parameters:
secretIdstring - ID of the Secret to delete
Returns:
Promise<void>
Throws:
If the Secret does not exist
Example:
const daytona = new Daytona();await daytona.secret.delete("secret-id");console.log("Secret deleted successfully");get(secretId: string): Promise<Secret>Gets a Secret by its ID.
Parameters:
secretIdstring - ID of the Secret to retrieve
Returns:
Promise<Secret>- The requested Secret
Throws:
If the Secret does not exist
Example:
const daytona = new Daytona();const secret = await daytona.secret.get("secret-id");console.log(`Secret ${secret.name} can be used on ${secret.hosts.join(', ')}`);list()
Section titled “list()”list(): Promise<Secret[]>Lists all Secrets in the organization.
Returns:
Promise<Secret[]>- List of all Secrets in the organization
Example:
const daytona = new Daytona();const secrets = await daytona.secret.list();console.log(`Found ${secrets.length} secrets`);secrets.forEach(secret => console.log(`${secret.name} (${secret.id})`));update()
Section titled “update()”update(secretId: string, params: UpdateSecretParams): Promise<Secret>Updates an existing Secret. Omitted fields are left unchanged.
Parameters:
secretIdstring - ID of the Secret to updateparamsUpdateSecretParams - Fields to update
Returns:
Promise<Secret>- The updated Secret
Throws:
If the Secret does not exist
Example:
const daytona = new Daytona();const secret = await daytona.secret.update("secret-id", { value: "sk-ant-new-value", hosts: ["api.anthropic.com", "*.anthropic.com"],});CreateSecretParams
Section titled “CreateSecretParams”Parameters for creating a new Secret.
Properties:
description?string - Optional description of the Secrethosts?string[] - Hosts the Secret value may be sent to. Each entry is a hostname (api.example.com) or a*.wildcard (*.example.com); ports are not supported. Omit to leave the Secret unrestricted.namestring - Name of the Secret. Must match^[a-zA-Z_][a-zA-Z0-9_-]*$and be unique within the organization.valuestring - The plaintext Secret value. Stored encrypted and never returned by the API.
UpdateSecretParams
Section titled “UpdateSecretParams”Parameters for updating an existing Secret. Omitted fields are left unchanged.
Properties:
description?string - Optional description of the Secrethosts?string[] - Hosts the Secret value may be sent to. Same constraints as CreateSecretParams.hosts.value?string - Replaces the stored Secret value when present
Secret
Section titled “Secret”type Secret = SecretModel & { __brand: "Secret";};Represents an organization-scoped Secret.
The plaintext value is write-only and is never returned by the API. When a Secret is
referenced from a Sandbox, the injected environment variable holds the opaque
Secret.placeholder token, not the real value. The real value is substituted
transparently on outbound requests to the Secret’s allowed Secret.hosts.
Type declaration:
\_\_brand“Secret”