Skip to main content

Custom Secrets: Protect Sensitive Data

Securely create and use custom secrets within Torq workflows, ensuring data protection and confidentiality.

Updated today

Custom secrets in Torq enable the secure handling of sensitive authentication and authorization data within your workflows. This includes keys, passwords, usernames, API tokens/keys, and SSH keys. When used in a workflow, the actual secret values are concealed to provide confidentiality.

Important to know

Torq uses Google KMS for secret storage, ensuring robust encryption and compliance with FIPS 140-2 L3 validated HSM standards. The program securely accesses these secrets as needed—they are never displayed or logged, which maintains strict data protection.

Create custom secrets

There are two ways you can create a custom secret:

Option #1: Within a workflow

  1. Open the workflow: Within your workflow, navigate to the step requiring sensitive data.

  2. Open the step: In the sensitive data input field, type $.secrets. to trigger autocomplete for available secrets.

  3. Create the secret: Select + Create new secret.

    1. Name the secret with a meaningful identifier, such as <VENDOR>_api_key.

    2. Enter the secret value you wish to safeguard.

    3. Click Add to finalize.

Screenshot of the dropdown menu of secrets from within the step parameters, +Create new secret is highlighted in a red box

Option #2: Via the Custom Secrets integration

  1. Navigate to the integration: Go to Integrations > Steps > Custom Secrets.

  2. Create a new integration instance: Click Add instance.

    1. Enter a meaningful name for the secret, such as <VENDOR>_api_key.

    2. Enter the secret value you wish to safeguard.

    3. Click Add to finalize.

Reference custom secrets in workflows

To incorporate a custom secret into a workflow step, you can reference it with $.secrets. This method seamlessly integrates the protected data where needed without exposing the secret itself.

Gif of a Slack Slash Commands workflow on Torq accessing secrets

Dynamically reference custom secrets in workflows

You can use the custom secret's name as a parameter in your workflow (e.g. Workflow Parameters step), which allows it to change dynamically based on the workflow execution context. The example code below shows how the output of any step that returns the custom secret's name can be used:

{{ secret $.workflow_parameters.<SECRET NAME> }}


Did this answer your question?