Harbor
Guides

Secrets

Store credentials so agents never handle them directly.

Secrets

Secrets are credentials that plugins need — API keys, bearer tokens. Stored encrypted in Harbor. Agents never see the values; Harbor injects them at plugin execution time.

Adding a secret

Dashboard → SecretsAdd secret:

  • Name — e.g. LINEAR_API_KEY, ANTHROPIC_API_KEY
  • Value — the credential (password field, never shown again)
  • Referenced plugins — comma-separated list of plugin slugs that use this secret

Referencing secrets in plugins

Each plugin definition declares which secrets it needs (e.g. auth.secrets: ["MODAL_TOKEN_ID", "MODAL_TOKEN_SECRET"]). When a plugin's required secrets aren't configured, it shows as missing_secrets in harbor status and the dashboard shows it as "Needs setup".

In the dashboard Plugins page, each plugin's expanded detail shows its required secrets with status:

  • Configured — green dot, shows "Last updated" timestamp, with Delete button
  • Not configured — muted dot, shows password input + Save button

Some secrets have a "Get key" link that points to the provider's key management page.

Updating a secret

Dashboard → Secrets → click Edit on the secret → enter new value → Update. The name stays the same. All plugins referencing it pick up the new value on the next run.

Deleting a secret

Dashboard → Secrets → click Delete. A confirmation dialog warns that plugins depending on the secret will lose access.

Workspace

The tenancy boundary in Harbor.

MCP Sources

Connect remote MCP servers to Harbor.

On this page

SecretsAdding a secretReferencing secrets in pluginsUpdating a secretDeleting a secret