Secrets
Secrets provides a secure environment for storing sensitive information such as tokens, keys, and credentials used across the ChatBotKit services. As a safeguard against exposure to external threats and to preserve data privacy, Secrets ensures that sensitive details remain protected within a secure vault. This feature is allowing customers to integrate and utilize secrets seamlessly within Skillset Abilities and other parts of the ChatBotKit Platform.
Key Features
Enhanced Security
Secrets serve as a secure vault where sensitive data is stored safely, ensuring that crucial information like tokens and credentials used for operating services and APIs are safeguarded from unauthorized access.
Seamless Integration
Within the ChatBotKit platform, Secrets can be easily referenced in Skillset Abilities. This integration simplifies the process of performing secure actions and requests by seamlessly substituting sensitive information with placeholders in code, thereby enhancing functionality without compromising security.
Data Privacy
The implementation of Secrets ensures that sensitive data required to perform actions never leaves the secure vault. It prevents any exposure of sensitive information to the underlying model or external entities, maintaining strict data confidentiality.
Secret Types
There are 5 secret types: plain, basic, bearer, oauth and template. Depending on the secret type, the system will use the correct session initialisation, headers and other supporting information to fulfil the request where the secret is assigned.
Here is a detailed view of each secret type:
Type | Description |
---|---|
plain | A plain secret is a secret value that is provided as is without any subsequent special handling or transformations. It is ideal for custom simple authentication mechanism as well as situations where a custom authentication system is in place. |
basic | Similar to basic authentication, the secret is encoded in base64 format with prefix Basic . |
bearer | The secret is provided as is but prefix with Bearer when added to the Authorization header. |
oauth | The system will perform OAuth authentication and authorization flow. You must provide oauth configuration information. |
template | A secret that is instantiated from a template. The template could be a secret corresponding to one of the 4 main types. |
OAuth Secrets
When creating OAuth Secrets you must provide a OAuth configuration. The easiest way to create an OAuth secret is via a Blueprint or one of the available templates. The configuration can be expressed as a YAML / JSON object that has the following structure:
clientId: 'YOUR CLIENT ID' clientSecret: 'YOUR CLIENT SECRET' tokenUrl: https://service/oauth/token authorizationUrl: https://service/oauth/authorize revokeUrl: https://service/oauth/revoke scope: | scope1 scope2
The revokeUrl
is not required but you can specify it if it is available by the upstream provider.
Once you setup the secret you will also need to setup a callback URL. The standard callback URL for all secrets that support oauth is:
"https://chatbotkit.com/secrets/${secretId}/oauth/callback"
Secret Kind
Secrets can be either authenticated by a developer, think of service account, or individual users. For this reason there are two distinct secret kinds: shared and personal.
Kind | Description |
---|---|
Shared | Corresponds to a secret that is authenticated by a developer and it is shared with the agent and the users of the agent. This is often the case where the remote system does not support multi-user accounts and thus there is a singular credentials for API access. |
Personal | Corresponds to a secret that must be authenticated by each user. This is often the case when dealing with multi-user systems where each user has unique permissions and access to specific resources. For example, if you want to allow the agent to act on behalf of user you will use the personal kind. |
How To Use Secrets
To utilize the Secrets within ChatBotKit, follow these simple steps:
- Storing Secrets:
- Navigate to the Secrets vault and securely store your sensitive information such as API keys, tokens, or credentials.
- Referencing Secrets in Skillset Abilities:
-
When creating or modifying a Skillset Ability that requires sensitive information, reference the stored secret in the action code using the syntax
${SECRET_NAME}
. This placeholder is replaced at runtime with the actual secret value, ensuring secure access and use. Here is an example of referencing a secret in a Skillset Ability by name:```fetch method: POST url: https://api.example.com/v1/database/search headers: Authorization: ${SECRET_MY_API_TOKEN} Content-Type: application/json body: query: $[query ys!|the search phrase or string] ```
-
It also possible to reference a default secret. The default secret is a secret that is directly connected to an ability. This is useful especially in the case of blueprints. To reference the default secret simply is
${SECRET_DEFAULT}
syntax). Here is an example of referencing a default secret:```fetch method: POST url: https://api.example.com/v1/database/search headers: Authorization: ${SECRET_DEFAULT} Content-Type: application/json body: query: $[query ys!|the search phrase or string] ```
-