The System Secret Vault is a secure storage mechanism provided by HookPulse to store sensitive values that are used during webhook execution. These secrets are hidden and get recalculated (computed) at the time of webhook call.Documentation Index
Fetch the complete documentation index at: https://docs.hookpulse.io/docs/llms.txt
Use this file to discover all available pages before exploring further.
How It Works
System secrets are stored securely in the HookPulse vault and can be accessed in your webhook templates using a special syntax. When a webhook is executed, HookPulse automatically retrieves and injects the secret values into your webhook requests.Template Syntax
To access a system secret in your webhook templates, use the following syntax:#is required to indicate this is a system secretkeyis the variable name of the secret stored in the vault
Usage Examples
In Request Headers
In Request Body
In Query Parameters
In URL Path
Security Features
- Encrypted Storage: All secrets are stored encrypted in the HookPulse vault
- Runtime Injection: Secrets are only retrieved and injected at the time of webhook execution
- No Exposure: Secret values are never exposed in logs, responses, or documentation
- Access Control: Only authenticated users with proper API credentials can manage secrets
Best Practices
- Use Descriptive Names: Choose clear, descriptive names for your secret keys (e.g.,
stripe_api_keyinstead ofkey1) - Rotate Regularly: Update secret values periodically for enhanced security
- Separate Environments: Use different secrets for development, staging, and production
- Never Hardcode: Always use the vault instead of hardcoding sensitive values in your webhook templates
Related APIs
- Add System Secret - Store a new secret in the vault
- Get Secrets Paginated - List all secrets with pagination
- Update Secret Value - Update an existing secret’s value
- Get Value of Secret - Retrieve a specific secret’s value
- Delete Secret - Remove a secret from the vault