Sokko Docs
Guides

Secrets and API keys

Give your agent access to other tools and services without putting keys in your code or your chat.

Secrets are the private keys and tokens your agent needs to reach other services — a provider API key, a database password, an access token for a tool. You add them once, and Sokko keeps them in secure storage and hands them to the agent when it runs. They never sit in your code, and they are never shown back to you in full.

Add a secret

Open the Secrets tab

Go to your agent in the dashboard and open Secrets.

Add a name and value

Give the secret a name (like OPENAI_API_KEY) and paste its value.

Redeploy

Save, then redeploy so the agent picks up the new secret.

Your agent reads secrets the same way a program reads its environment, so most tools and libraries find them automatically by name.

Import a whole .env at once

If you already have a .env file full of keys, you do not have to add them one by one. Import the whole file:

  • From the dashboard: use Import in the Secrets tab and upload your .env.
  • From the terminal: the sokko CLI can bring your .env over as part of sokko migrate.

Each line becomes its own secret.

Treat secrets like passwords. Do not paste keys into chat with your agent — add them here instead, so they stay out of your messages and logs.

A note on channel and model keys

Some keys are managed for you and will not show up in the Secrets tab:

  • The Telegram bot token you connect in Channels is stored for you and kept out of this list.
  • The model key you paste for BYOK is handled the same way.

That is on purpose — those flows manage their own keys so you do not have to.

On this page