# Secrets and Global Variables Secrets and global variables in Leverage allow you to securely store and reuse sensitive or configuration information across workflows. These live in **Organisation and Project Settings**, not on the workflow canvas. ### Key Features * Secure storage for sensitive information * Organisation-wide and project-specific scope * Easy referencing in workflows * Masked values for secrets * Reusable variable-style usage * Shared safely with teams ### Types of Variables in Leverage #### 1. Secrets (Settings Area) * For sensitive data like API keys, tokens, passwords * Values are masked and hidden after creation * Shared securely with team members * Best for authentication credentials #### 2. Global Variables (Settings Area) * For non-sensitive configuration values * Can be viewed and edited by authorised users * Ideal for URLs, IDs, and config values used across projects * Easier to manage than hard-coding #### 3. Workflow Variables (Canvas Area) * For passing data between actions in a workflow * Created and managed directly in the canvas * Not masked, used only within the workflow context ### Where to Store Secrets and Globals #### Organisation-Level Best for: * API keys used across multiple projects * Company-wide authentication tokens * Shared default config values #### Project-Level Best for: * Project-specific API keys * Environment-based configs (test vs prod) * Limited access credentials > 💡 Use organisation-level for company-wide resources. Use project-level for specific workflow or environment needs. ### How to Create Organisation Secrets or Variables 1. Click your profile (bottom left) 2. Select **Organisation Settings** 3. In the sidebar, choose **Secrets** or **Global Variables** 4. Click **Add** 5. Enter a name and value 6. Save > ⚠️ Secret values cannot be viewed again after saving. Store the original securely elsewhere. ### How to Create Project Secrets or Variables 1. Navigate to your project 2. Go to **Project Settings** → **Secrets** or **Global Variables** 3. Click **Add** 4. Enter name and value 5. Save > 💡 Project values override organisation values with the same name. ### How to Use in Workflows Use the `{{env.NAME}}` syntax: **API Calls** ```http Authorization: Bearer {{env.OPENAI_API_KEY}} ``` **Code Blocks** ```javascript const token = "{{env.API_TOKEN}}"; ``` **SQL Queries** ```sql SELECT * FROM users WHERE api_key = '{{env.DATABASE_KEY}}' ``` ### Common Use Cases #### API Integration * Store third-party keys (OpenAI, Slack, DB credentials) #### Team Collaboration * One team member adds the key, others can use it without seeing it #### Environment Management * Separate dev and prod keys, easy switching > 💡 Use workflow variables for passing data, not for secrets. ### Security Best Practices #### Do * Use clear names (eg `PROD_DB_PASSWORD`) * Rotate keys regularly * Use project-level for limited access #### Don’t * Share secrets outside the platform * Store non-sensitive values as secrets * Forget to update workflows when rotating > ⚠️ Anyone with settings access can overwrite or delete values. Control permissions carefully. ### Managing Existing Values #### Updating 1. Go to Organisation/Project Settings → Secrets/Globals 2. Edit and enter new value #### Deleting 1. Select the item → **Delete** → Confirm > ⚠️ Deleting will break workflows using it. Update workflows before deletion. ### Troubleshooting #### Secret or Global Variable Not Working * Check spelling in `{{env.NAME}}` * Confirm correct level (Organisation vs Project) * Ensure variable exists in the right settings area * Make sure you have admin rights ### Future Improvements We’re improving the secrets and global variables experience with: * Better workflow canvas integration * Easier selection