> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mixpeek.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Create Secret

> Create a new secret in organization vault.

**Security**:
- Secret value is encrypted at rest using Fernet encryption
- Encrypted using ENCRYPTION_KEY from environment
- Decrypted value is NEVER returned in API responses
- Only secret names are exposed in list operations

**Use Cases**:
- Store API keys for external services (Stripe, GitHub, etc.)
- Store authentication tokens for api_call retriever stage
- Store credentials for third-party integrations

**Important**:
- Secret names must be unique within organization
- Use update endpoint to modify existing secrets
- Delete and recreate if you forget the value



## OpenAPI

````yaml post /v1/organizations/secrets
openapi: 3.1.0
info:
  title: Mixpeek API
  description: >-
    This is the Mixpeek API, providing access to various endpoints for data
    processing and retrieval.
  termsOfService: https://mixpeek.com/terms
  contact:
    name: Mixpeek Support
    url: https://mixpeek.com/contact
    email: info@mixpeek.com
  version: '0.82'
servers:
  - url: https://api.mixpeek.com
    description: Production
security: []
paths:
  /v1/organizations/secrets:
    post:
      tags:
        - Organization Secrets
      summary: Create Secret
      description: |-
        Create a new secret in organization vault.

        **Security**:
        - Secret value is encrypted at rest using Fernet encryption
        - Encrypted using ENCRYPTION_KEY from environment
        - Decrypted value is NEVER returned in API responses
        - Only secret names are exposed in list operations

        **Use Cases**:
        - Store API keys for external services (Stripe, GitHub, etc.)
        - Store authentication tokens for api_call retriever stage
        - Store credentials for third-party integrations

        **Important**:
        - Secret names must be unique within organization
        - Use update endpoint to modify existing secrets
        - Delete and recreate if you forget the value
      operationId: create_secret_v1_organizations_secrets_post
      parameters: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateSecretRequest'
      responses:
        '201':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecretResponse'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
components:
  schemas:
    CreateSecretRequest:
      properties:
        secret_name:
          type: string
          maxLength: 100
          minLength: 1
          title: Secret Name
          description: >-
            REQUIRED. Name/key for the secret. Use descriptive names that
            indicate the service and purpose. Must be unique within the
            organization. Format: lowercase with underscores (e.g.,
            'stripe_api_key'). Common patterns: '{service}_{type}_{environment}'
            like 'stripe_api_key_prod'. This name is used to reference the
            secret in api_call stage configuration. Examples: 'stripe_api_key',
            'github_token', 'openai_api_key', 'weather_api_key'.
          examples:
            - stripe_api_key
            - github_token
            - openai_api_key
            - weather_api_key
        secret_value:
          type: string
          minLength: 1
          title: Secret Value
          description: >-
            REQUIRED. Plaintext secret value to encrypt and store. This value
            will be encrypted at rest using Fernet encryption. The encrypted
            value is stored in MongoDB with the organization document. The
            plaintext value is NEVER logged or exposed in API responses. Only
            the secret name is visible when listing secrets. Use this field to
            store: API keys, tokens, passwords, credentials. Format: any string
            (will be encrypted as-is). For Basic auth, use format
            'username:password'.
          examples:
            - sk_test_abc123...
            - ghp_abc123...
            - abc123def456
      type: object
      required:
        - secret_name
        - secret_value
      title: CreateSecretRequest
      description: |-
        Request to create a new secret in the organization vault.

        Secrets are encrypted at rest using Fernet encryption and stored in the
        organization document. Use secrets to securely store API keys, tokens,
        and credentials for external services.

        **Use Cases**:
        - Store API keys for Stripe, GitHub, OpenAI, etc.
        - Manage authentication tokens for api_call retriever stage
        - Store credentials for third-party integrations

        **Security**:
        - Secret values are encrypted using ENCRYPTION_KEY from environment
        - Decrypted values are NEVER returned in API responses
        - Only secret names are exposed in list operations
        - Access is logged for audit trail

        **Requirements**:
        - secret_name: REQUIRED, must be unique within organization
        - secret_value: REQUIRED, plaintext value to encrypt

        **Permissions**: Requires ADMIN permission to create secrets.
      examples:
        - description: Store Stripe API key for payment processing
          secret_name: stripe_api_key
          secret_value: YOUR_STRIPE_API_KEY
        - description: Store GitHub Personal Access Token
          secret_name: github_pat
          secret_value: ghp_abc123def456ghi789jkl012mno345
        - description: Store OpenAI API key for LLM calls
          secret_name: openai_api_key
          secret_value: sk-proj-abc123def456ghi789
        - description: Store Weather API key
          secret_name: weather_api_key
          secret_value: abc123def456ghi789
    SecretResponse:
      properties:
        secret_name:
          type: string
          title: Secret Name
          description: >-
            Name of the secret that was operated on. This is the same name
            provided in the request. Use this name to reference the secret in
            api_call stage configuration.
          examples:
            - stripe_api_key
            - github_token
            - openai_api_key
        created:
          anyOf:
            - type: boolean
            - type: 'null'
          title: Created
          description: >-
            True if this secret was created, null otherwise. Only set for POST
            /secrets operations.
        updated:
          anyOf:
            - type: boolean
            - type: 'null'
          title: Updated
          description: >-
            True if this secret was updated, null otherwise. Only set for PUT
            /secrets/{name} operations.
        deleted:
          anyOf:
            - type: boolean
            - type: 'null'
          title: Deleted
          description: >-
            True if this secret was deleted, null otherwise. Only set for DELETE
            /secrets/{name} operations.
      type: object
      required:
        - secret_name
      title: SecretResponse
      description: >-
        Response for secret operations (NEVER includes actual decrypted value).


        This response is returned after creating, updating, or deleting a
        secret.

        For security, the actual secret value is NEVER included in API
        responses.

        Only the secret name and operation status are returned.


        **Security**:

        - Decrypted secret values are NEVER included

        - Only secret name and operation status returned

        - Actual value only accessible by internal services


        **Fields**:

        - secret_name: Name of the secret that was operated on

        - created: True if secret was created (null for other operations)

        - updated: True if secret was updated (null for other operations)

        - deleted: True if secret was deleted (null for other operations)
      examples:
        - created: true
          description: Secret created successfully
          secret_name: stripe_api_key
        - description: Secret updated successfully
          secret_name: github_token
          updated: true
        - deleted: true
          description: Secret deleted successfully
          secret_name: old_api_key
    ErrorResponse:
      properties:
        success:
          type: boolean
          title: Success
          description: Always false for error responses
          default: false
        status:
          type: integer
          title: Status
          description: HTTP status code for this error
        error:
          $ref: '#/components/schemas/ErrorDetail'
          description: Error details payload
      type: object
      required:
        - status
        - error
      title: ErrorResponse
      description: Error response model.
      examples:
        - error:
            details:
              id: ns_123
              resource: namespace
            message: Namespace not found
            type: NotFoundError
          status: 404
          success: false
    HTTPValidationError:
      properties:
        detail:
          items:
            $ref: '#/components/schemas/ValidationError'
          type: array
          title: Detail
      type: object
      title: HTTPValidationError
    ErrorDetail:
      properties:
        message:
          type: string
          title: Message
          description: Human-readable error message
        type:
          type: string
          title: Type
          description: Stable error type identifier (machine-readable)
        code:
          anyOf:
            - type: string
            - type: 'null'
          title: Code
          description: >-
            Fine-grained error code for programmatic handling (e.g.,
            namespace_name_taken, feature_extractor_not_found). Present only
            when consumers may need to branch on a specific error condition.
        details:
          anyOf:
            - additionalProperties: true
              type: object
            - type: 'null'
          title: Details
          description: >-
            Optional structured details to help debugging (validation errors,
            IDs, etc.)
      type: object
      required:
        - message
        - type
      title: ErrorDetail
      description: Error detail model.
    ValidationError:
      properties:
        loc:
          items:
            anyOf:
              - type: string
              - type: integer
          type: array
          title: Location
        msg:
          type: string
          title: Message
        type:
          type: string
          title: Error Type
      type: object
      required:
        - loc
        - msg
        - type
      title: ValidationError

````