- Project
keyssecrets for shared runtime credentials used by project services - Room secrets for room-scoped or identity-scoped credentials used by room services, toolkits, and participants
- Image pull secrets for registry credentials used only to pull private images
How to choose
| Secret type | Use it for | Stored in | Read by | How you reference it |
|---|---|---|---|---|
Project keys secret | Shared runtime credentials for project services | The project | The running service container | container.secrets |
| Room secret | Room-local or identity-scoped credentials for room services, toolkits, and participants | A room, scoped to an identity | A room service, toolkit, or participant flow | container.environment[].secret, room.secrets, --header-secret |
| Image pull secret | Credentials to pull a private container image | The project | MeshAgent while pulling the image | container.pull_secret |
keys secret when the running service needs the credential at runtime. Use a room secret when the credential belongs to one room or one identity. Use an image pull secret when MeshAgent only needs the credential to download the image before startup.
For OpenAI and Anthropic specifically, check whether you should use MeshAgent Studio Integrations and the LLM proxy instead of creating a generic secret. MeshAgent can use its managed routing by default, or let you switch to your own provider credentials at the project level.
Related concepts
Two related concepts often appear next to secrets, but they are not secret types:- Token: a MeshAgent-issued credential that gives a service access to MeshAgent APIs
- Plain environment variable: a literal value written directly into a service spec or passed at launch
- Tokens authorize MeshAgent access
- Secrets store sensitive values
- Environment variables are one way to deliver values into a container
What a secret does and does not do
A secret is meant to keep a sensitive value out of your manifest, source code, and UI while still making it available to the specific runtime that needs it.- the service process can read a secret that is injected at runtime
- the model does not automatically see that secret value
- the value is only exposed to the model if your code, tools, logs, or prompts explicitly pass it through
- they are stored securely
- they are delivered only to the specific service that needs them
- they are not hardcoded in YAML or checked into source control
- they can be rotated or revoked without changing the service code
If you are packaging and sharing a service
ServiceTemplate is the secure way to collect installer-provided secrets when you are sharing an agent, toolkit, or service with other people.
It does not create a fourth secret type. Instead:
- a
ServiceTemplatevariable is the input field shown to the installer - Powerboards can store that value as a room secret using
meshagent.secret.*annotations - the installed service later reads that stored room secret with
secret:
- a GitHub agent where each installer provides their own GitHub token
- a Supabase toolkit where each installer provides their own Supabase token
- a Stripe-enabled service where each installer provides their own Stripe secret key
meshagent room secret set.
Next steps
- Learn how shared runtime credentials work in Project Secrets.
- Learn how private registry credentials work in Image Pull Secrets.
- Learn how room- and identity-scoped credentials work in Room Secrets.
- Learn the advanced token-request and refresh flow in OAuth with Room Secrets.
- See the full service fields in Packaging and Deploying Services.