Create a secret
Creates a new secret. The gateway uses secrets to inject credentials into outbound requests matching the host and path patterns.
- anthropic and openai types are auto-configured.
- generic type requires an
injectionConfig. - Instead of an inline
value, a project secret can reference a 1Password field: setvalueSourcetoonepasswordand provideopRef. The gateway resolves the value at request time via the project’s 1Password vault connection.
Authorizations
API key obtained from the dashboard or GET /user/api-key
Body
1 - 255"Anthropic Production"
anthropic, openai, generic Hostname pattern to match (no ://, /, or spaces). A *. wildcard is only allowed as a leading subdomain and must not cover a public suffix.
"api.anthropic.com"
inline, onepassword The secret value (API key, token, etc.). Required unless valueSource is onepassword.
1 - 100001Password secret reference (op://vault/item/field). Required when valueSource is onepassword.
Human-readable labels of the picked 1Password vault/item/field, for display only.
Optional path pattern to match
1000How the gateway injects this secret into matching outbound requests (generic secrets only). Exactly one variant:
- Header —
{ "headerName": "Authorization", "valueFormat": "Bearer {value}" } - Query parameter —
{ "paramName": "key", "paramFormat": "{value}" } - URL path template —
{ "pathTemplate": "/bot{value}" }(must start with/and contain{value}exactly once) - URL path regex —
{ "pathRegex": "^/bot([^/]+)", "pathReplacement": "/bot{value}" }(replacement must contain{value})
Unknown or mixed keys are rejected.
- Header injection
- Query parameter injection
- URL path template injection
- URL path regex injection
Response
Secret created. The response contains the core fields (id, name, type, valueSource, opRef, hostPattern, pathPattern, createdAt) plus a masked preview of inline values.
The narrowed secret representation returned by create endpoints.