Skip to main content

Admin: Secrets

Use Admin > Secrets to save private values your app needs, such as API keys, tokens, or service credentials.

Secrets are hidden values. They should not be visible to visitors and should not be placed in normal page text.

When You Need Secrets

You may need secrets when your app connects to services such as:

  • Stripe
  • email providers
  • AI services
  • maps or location services
  • CRM tools
  • private APIs
  • automation platforms

Many Admin integrations, such as Stripe, save their own secrets during setup. Use the Secrets page when you need to add or update a value manually.

Important Safety Rule

Do not paste private keys into:

  • page text
  • headings
  • buttons
  • chat prompts that ask Genie to put the key into visible app content
  • public code snippets
  • forms that visitors can see

Use Admin > Secrets instead.

Add a Secret

  1. Open your Genie app.
  2. Select Admin.
  3. Open Secrets.
  4. Enter the secret name.
  5. Enter the secret value.
  6. Select Create Secret.

Secret names usually use uppercase letters and underscores.

Examples:

  • STRIPE_SECRET_KEY
  • GOOGLE_CLIENT_SECRET
  • MAPS_API_KEY
  • SENDGRID_API_KEY
  • OPENAI_API_KEY

Local Preview and Published App

Secrets may show where they are saved:

  • Local preview: available while testing in the builder.
  • Published app: synced to the live app after publishing.
  • Local preview + published app: available in both places.

If your app has not been published yet, a secret may be saved locally first and synced later after publish.

Update a Secret

Secret values are write-only. This means you can see the secret name, but not the saved value.

To update a value:

  1. Select the secret name or type the same name again.
  2. Enter the new value.
  3. Select Create Secret or save again.

The new value replaces the old one.

Delete a Secret

Delete a secret only when you are sure the app no longer needs it.

  1. Open Admin > Secrets.
  2. Find the saved secret.
  3. Select Delete.
  4. Test the app again.

If a feature stops working after deletion, the app may still need that secret.

Best Practices

  • Use clear secret names.
  • Keep one secret per value.
  • Remove secrets that are no longer used.
  • Update secrets if a provider tells you a key was exposed or rotated.
  • Publish again after important secret changes.
  • Test the related feature after saving or deleting secrets.

Troubleshooting

A Feature Works in Preview but Not Live

The secret may be saved locally but not synced to the published app. Publish the app again, then test the live URL.

I Cannot See the Secret Value

That is expected. Secret values are hidden after saving. Enter a new value if you need to update it.

The Secret Name Is Rejected

Use uppercase letters, numbers, and underscores. Start with a letter.

Good example:

PAYMENT_API_KEY

Avoid spaces, dashes, and special characters.