Custom secrets in Torq let you securely store and use sensitive data in workflows, API keys, passwords, tokens, SSH keys, and more. Secret values are never displayed or logged anywhere in the platform.
Torq uses Google KMS with FIPS 140-2 L3 validated HSM encryption. Secrets are accessed by the system only when needed and are never exposed in logs or UI.
How to use
Create a custom secret
Option 1: From within a workflow
Open the step: Navigate to the workflow step that requires sensitive data.
Trigger autocomplete: In the input field, type
$.secrets.to see available secrets.Create the secret: Select + Create new secret, enter a meaningful name (e.g.
<VENDOR>_api_key) and the secret value, and click Add.
Option 2: From the Custom Secrets integration
Navigate to the integration: Go to Integrations > Secret Management > Custom Secrets and click Add Instance.
Configure the secret: Enter a meaningful name (e.g.
<VENDOR>_api_key) and the secret value, and click Add.
Use a custom secret
Open the step: Navigate to the workflow step where you need the secret.
Select the secret: In the input field, type
$.secrets.to trigger autocomplete, then select the secret you want to use. The value is injected at runtime and never displayed.
Reference a secret in a workflow
Use $.secrets.<secret_name> to reference a secret in any workflow step. The value is injected at runtime without being exposed.
Dynamically reference secrets
To reference a secret whose name is determined at runtime (e.g. from a workflow parameter), use:
{{ secret $.workflow_parameters.<SECRET_NAME> }}This lets the secret name vary per execution, useful when different workflow runs need different credentials.
