Service for managing organization-scoped Daytona Secrets.

This service provides methods to create, list, get, update, and delete Secrets. Secrets can be mounted into Sandboxes as environment variables by referencing them via the secrets field on the create-sandbox parameters. The Sandbox only ever sees the Secret’s opaque placeholder; the real value is substituted at the network egress layer for the Secret’s allowed hosts.

new SecretService(secretApi: SecretApi): SecretService

Parameters:

  • secretApi SecretApi

Returns:

  • SecretService

create(params: CreateSecretParams): Promise<Secret>

Creates a new Secret.

Parameters:

  • params CreateSecretParams - Parameters for the new Secret

Returns:

  • Promise<Secret> - The newly created Secret (without the plaintext value)

Throws:

If a Secret with the same name already exists in the organization

Example:

const daytona = new Daytona();
const secret = await daytona.secret.create({
  name: "anthropic-prod",
  value: "sk-ant-...",
  hosts: ["api.anthropic.com"],
});
console.log(`Created secret ${secret.name} with placeholder ${secret.placeholder}`);

delete(secretId: string): Promise<void>

Deletes a Secret.

Parameters:

  • secretId string - ID of the Secret to delete

Returns:

  • Promise<void>

Throws:

If the Secret does not exist

Example:

const daytona = new Daytona();
await daytona.secret.delete("secret-id");
console.log("Secret deleted successfully");

get(secretId: string): Promise<Secret>

Gets a Secret by its ID.

Parameters:

  • secretId string - ID of the Secret to retrieve

Returns:

  • Promise<Secret> - The requested Secret

Throws:

If the Secret does not exist

Example:

const daytona = new Daytona();
const secret = await daytona.secret.get("secret-id");
console.log(`Secret ${secret.name} can be used on ${secret.hosts.join(', ')}`);

list(): Promise<Secret[]>

Lists all Secrets in the organization.

Returns:

  • Promise<Secret[]> - List of all Secrets in the organization

Example:

const daytona = new Daytona();
const secrets = await daytona.secret.list();
console.log(`Found ${secrets.length} secrets`);
secrets.forEach(secret => console.log(`${secret.name} (${secret.id})`));

update(secretId: string, params: UpdateSecretParams): Promise<Secret>

Updates an existing Secret. Omitted fields are left unchanged.

Parameters:

  • secretId string - ID of the Secret to update
  • params UpdateSecretParams - Fields to update

Returns:

  • Promise<Secret> - The updated Secret

Throws:

If the Secret does not exist

Example:

const daytona = new Daytona();
const secret = await daytona.secret.update("secret-id", {
  value: "sk-ant-new-value",
  hosts: ["api.anthropic.com", "*.anthropic.com"],
});

Parameters for creating a new Secret.

Properties:

  • description? string - Optional description of the Secret
  • hosts? string[] - Hosts the Secret value may be sent to. Each entry is a hostname (api.example.com) or a *. wildcard (*.example.com); ports are not supported. Omit to leave the Secret unrestricted.
  • name string - Name of the Secret. Must match ^[a-zA-Z_][a-zA-Z0-9_-]*$ and be unique within the organization.
  • value string - The plaintext Secret value. Stored encrypted and never returned by the API.
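
The name and hosts constraints listed above can be checked locally before calling create, which also surfaces Secrets that would be left unrestricted. This is an added example, not part of the Daytona SDK or its documentation: SecretInput, Finding and checkSecretParams are hypothetical names, and the hostname syntax rule is an assumption because the page only says "hostname or *. wildcard".

```typescript
// Added example: local pre-flight checks for CreateSecretParams-shaped input.
// SecretInput, Finding and checkSecretParams are hypothetical names, not SDK exports.
interface SecretInput {
  name: string;
  value: string;
  hosts?: string[];
}

type Finding = { level: "error" | "warn"; field: string; message: string };

// Name rule quoted from the CreateSecretParams.name description.
const NAME_RE = /^[a-zA-Z_][a-zA-Z0-9_-]*$/;
// Assumption: a hostname is dot-separated letter/digit/hyphen labels; the page
// only says "hostname or *. wildcard", so the API may accept or reject more.
const LABEL = "[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?";
const HOST_RE = new RegExp("^(?:\\*\\.)?" + LABEL + "(?:\\." + LABEL + ")*$");

function checkSecretParams(p: SecretInput): Finding[] {
  const out: Finding[] = [];
  if (!NAME_RE.test(p.name)) {
    out.push({ level: "error", field: "name", message: "must match " + NAME_RE.source });
  }
  if (p.hosts === undefined) {
    // Documented behaviour: omitting hosts leaves the Secret unrestricted.
    out.push({ level: "warn", field: "hosts", message: "omitted: Secret is unrestricted" });
    return out;
  }
  p.hosts.forEach((h, i) => {
    const field = "hosts[" + i + "]";
    if (h.indexOf("://") !== -1 || h.indexOf("/") !== -1) {
      out.push({ level: "error", field, message: "give a bare hostname, not a URL" });
    } else if (h.indexOf(":") !== -1) {
      out.push({ level: "error", field, message: "ports are not supported" });
    } else if (!HOST_RE.test(h)) {
      out.push({ level: "error", field, message: "not a hostname or *. wildcard" });
    } else if (h.indexOf("*.") === 0) {
      out.push({ level: "warn", field, message: "wildcard widens where the value may go" });
    }
  });
  return out;
}

// Constructed sample input (not from the page); the value is a dummy string.
const sampleFindings = checkSecretParams({
  name: "2fa token",
  value: "dummy-value",
  hosts: ["api.example.com", "api.example.com:443", "https://api.example.com", "*.example.com", "*"],
});
```

Treat "error" findings as blocking and "warn" findings as items for review; the API remains the authority on what it accepts.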

Parameters for updating an existing Secret. Omitted fields are left unchanged.

Properties:

  • description? string - Optional description of the Secret
  • hosts? string[] - Hosts the Secret value may be sent to. Same constraints as CreateSecretParams.hosts.
  • value? string - Replaces the stored Secret value when present

type Secret = SecretModel & {
  __brand: "Secret";
};

Represents an organization-scoped Secret.

The plaintext value is write-only and is never returned by the API. When a Secret is referenced from a Sandbox, the injected environment variable holds the opaque Secret.placeholder token, not the real value. The real value is substituted transparently on outbound requests to the Secret’s allowed Secret.hosts.

Type declaration:

  • __brand "Secret"