> ## Documentation Index
> Fetch the complete documentation index at: https://docs.meshagent.com/llms.txt
> Use this file to discover all available pages before exploring further.

# HTTP Secret Proxy

> Use secrets without retrieving secret values directly.

The HTTP secret proxy lets a user or service account use a credential without exposing the secret value to the caller.

```text theme={null}
{api_url}/proxy-request?url={target_url}&secret-id={secret_id}
```

Add `user={email}` when the request should use a user-owned secret for a specific user.

## Authorization

OAuth callers must own the user secret. If `user` is supplied, it must match the OAuth subject.

API-key callers run as the API key's service account. The service account must have `use_proxy_secrets`, and the target secret must grant that service account per-secret `use_proxy`.

## Behavior

The proxy sets the upstream `Authorization` header from the secret value. OAuth credential secrets are refreshed when needed and saved as a new secret version.

The proxy supports normal HTTP requests, WebSocket upgrades, and streaming SSE responses.
