Skip to main content
Use the Secrets Service to access organization-managed credentials safely at runtime. Instead of hardcoding values, you can list available secrets (metadata only) and retrieve specific secret values when you need them. This keeps sensitive data out of source code while giving agents and backend processes the credentials required to call cloud APIs, databases, and other protected services.

Quick Example

from kubiya.control_plane_client import ControlPlaneClient
import os

client = ControlPlaneClient(
    api_key=os.environ.get("KUBIYA_CONTROL_PLANE_API_KEY"),
    base_url=os.environ.get("KUBIYA_CONTROL_PLANE_BASE_URL", "https://control-plane.kubiya.ai")
)

# List secrets (metadata only)
secrets = client.secrets.list()
print("Secrets (metadata):", secrets)

# Retrieve a secret value by name (handle carefully)
value_obj = client.secrets.get_value("database-password")
# Do not log the secret value

Core Operations

List Secrets

Return metadata for all available secrets (no values). 
metadata = client.secrets.list()
print(metadata)

Get Secret Value

Retrieve the actual value for a named secret. 
secret_value = client.secrets.get_value("database-password")
# Use the value securely; avoid printing or logging

Best Practices

  • Never print or log secret values.
  • Prefer descriptive but non-revealing names and environment prefixes.
  • Fetch secret values only at execution time and keep them in memory as short as possible.