Latch / Docs
get started

Secrets

The real credential. Stored once, never returned.

A Secret is a real credential: an OpenAI key, a Stripe key, a database password. You give it to Latch once. Latch encrypts it, and never gives it back. Not to you, not to the dashboard, not to a caller. From that point on you refer to it by name.

This is the whole trick. Everything else in Latch exists to let something use a credential without holding it.

Binding a credential

Secrets → New secret opens "Bind a credential".

Field What it is
Name How you will refer to it. Must be unique.
Type api_key, bearer_token, oauth_token, oauth_client, oauth_refresh, webhook, or custom. Descriptive; it does not change behaviour.
Credential The secret itself. Write-only: once saved you cannot read it back.
Inject as How Latch presents it to the upstream. See below.

Inject as

The upstream expects the credential in a particular place. This tells Latch where to put it when it forwards a request.

Mode What Latch sends
bearer Authorization: Bearer <credential>
api_key_header An API-key header, e.g. X-API-Key: <credential>
custom_header A header you name, carrying the credential
query_param A query parameter you name
body A field injected into the request body

custom_header and query_param take a key: the header name, or the parameter name.

Get this wrong and the upstream will reject your calls with its own 401, which is a confusing failure because the pipeline allowed the request. If a latch is returning the upstream's 401, check the injection mode before you check the policy.

Viewing a secret

The Secrets page lists each credential and the latches derived from it. There is no "reveal" button, because there is nothing to reveal: the plaintext left the building when you saved it.

Deleting a secret cascades to every latch derived from it, and the dashboard warns you before it does.

Rotating a credential

Rotation is a property of the secret, not the latches. Update the credential, and every latch that derives from it immediately forwards the new one. Nothing that holds a lat_ token needs to change, because no lat_ token ever contained the credential in the first place.

The inverse is also true and is the point: revoking a latch does not require rotating the credential. Delete the latch, and the agent holding it is cut off while every other consumer keeps working.

Next