ScopeHold
Providers and secretsBrowse

Start

Quick startCore concepts

Setup

Billing accounts, workspaces, and projectsProviders and secrets

Access

Members and agentsAccess rules

Security

Security settingsAudit log

Account

Billing and plans

Reference

TroubleshootingGlossary

Setup

Providers and secrets

Group credentials by provider, keep secret names clear, and use project assignment plus direct grants to control access.

Updated May 22, 2026

Providers keep related secrets together. A provider might represent Supabase, Stripe, GitHub, Cloudflare, OpenAI, or a generic group. Secrets live under providers and hold the encrypted credential payload.

Name secrets for retrieval

  • Use names that describe the credential purpose, not the raw value.
  • Add descriptions when the same provider has multiple similar secrets.
  • Keep production and test credentials separate.
  • Archive secrets that should leave normal access without losing historical context.

Workspace-level secrets

Workspace-level secrets can be assigned into one or more projects. In the all-projects view, use Project Assignment to see which projects can use a workspace secret and to add or remove assignments.

Project-level secrets

Project-level secrets belong to a single project. Members and agents in other projects do not see those secrets unless a separate secret is created or the resource is moved through an intentional workflow.

PreviousBilling accounts, workspaces, and projectsNextMembers and agents