> ## Documentation Index > Fetch the complete documentation index at: https://onecli.sh/docs/llms.txt > Use this file to discover all available pages before exploring further. # Create a secret > Creates a new secret. The gateway uses secrets to inject credentials into outbound requests matching the host and path patterns. - **anthropic** and **openai** types are auto-configured. - **generic** type requires an `injectionConfig`. ## OpenAPI ````yaml /openapi.yaml post /secrets openapi: 3.1.0 info: title: OneCLI API version: '1.0' description: > The OneCLI API lets you manage agents, secrets, policy rules, app connections, and user settings programmatically. **Base URL:** `https://api.onecli.sh/v1` (Cloud) or `http://localhost:10254/v1` (self-hosted) ## Authentication All endpoints require authentication via one of: - **API Key** — `Authorization: Bearer ` header. Generate keys in the dashboard or via `GET /v1/user/api-key`. - **Session** — Cookie-based session from the web dashboard. For organization-scoped API keys, include the `X-Project-Id` header to specify which project to operate on. servers: - url: https://api.onecli.sh/v1 description: OneCLI Cloud - url: http://localhost:10254/v1 description: Self-hosted (Docker) security: - bearerAuth: [] tags: - name: Agents description: Manage agents and their access tokens, secrets, and configuration. - name: Secrets description: Manage credentials that the gateway injects into outbound requests. - name: Rules description: >- Manage policy rules that control how agents interact with external services. - name: User description: Manage your user profile and API keys. - name: Projects description: >- Manage projects within your organization. Requires admin role for create/update and owner role for delete. Cloud only. - name: Team description: Provision team members programmatically. Requires admin role. Cloud only. - name: Apps description: >- Manage app connections (OAuth and direct credentials) and BYOC configuration. - name: Organization Secrets description: >- Manage secrets at the organization level. Organization secrets apply across all projects. Cloud only. - name: Organization Rules description: >- Manage policy rules at the organization level. Organization rules apply across all projects. Cloud only. - name: Organization Connections description: Manage app connections at the organization level. Cloud only. - name: Organization App Config description: Manage BYOC app configuration at the organization level. Cloud only. - name: Partner Organizations description: >- Create and manage customer organizations as a partner. Requires a Partner API key. Cloud only. - name: Partner Projects description: Manage projects within an unclaimed partner organization. Cloud only. - name: Partner Secrets description: >- Manage partner-level secrets inherited by every organization you manage. Cloud only. - name: Partner Budgets description: >- Cap how much an organization can spend on a partner LLM key. Owner or admin only. Cloud only. - name: Partner Members description: >- Manage who can sign in to your partner portal. Owner or admin only. Cloud only. - name: Organization Partner description: Inspect and detach an organization's partner relationship. Cloud only. paths: /secrets: post: tags: - Secrets summary: Create a secret description: > Creates a new secret. The gateway uses secrets to inject credentials into outbound requests matching the host and path patterns. - **anthropic** and **openai** types are auto-configured. - **generic** type requires an `injectionConfig`. operationId: createSecret requestBody: required: true content: application/json: schema: type: object required: - name - type - value - hostPattern properties: name: type: string minLength: 1 maxLength: 255 example: Anthropic Production type: type: string enum: - anthropic - openai - generic value: type: string minLength: 1 maxLength: 10000 description: The secret value (API key, token, etc.) hostPattern: type: string description: Hostname pattern to match (no `://`, `/`, or spaces) example: api.anthropic.com pathPattern: type: string maxLength: 1000 description: Optional path pattern to match injectionConfig: $ref: '#/components/schemas/InjectionConfig' responses: '201': description: Secret created content: application/json: schema: $ref: '#/components/schemas/Secret' '400': description: Validation error content: application/json: schema: $ref: '#/components/schemas/Error' components: schemas: InjectionConfig: type: object nullable: true description: >- Configuration for how the gateway injects this secret into outbound requests. Secret: type: object properties: id: type: string name: type: string type: type: string enum: - anthropic - openai - generic hostPattern: type: string pathPattern: type: string nullable: true injectionConfig: $ref: '#/components/schemas/InjectionConfig' isPlatform: type: boolean scope: type: string typeLabel: type: string createdAt: type: string format: date-time Error: type: object properties: error: type: string required: - error securitySchemes: bearerAuth: type: http scheme: bearer description: API key obtained from the dashboard or `GET /user/api-key` ````