Secrets
Workspace-scoped secrets backends and automatic mirroring to the cloud at deploy time.
Secrets
AgentBreeder treats secrets as a first-class workspace resource. Each
developer (or team workspace) chooses one secrets backend, sets values once,
and agentbreeder deploy automatically mirrors the values it needs to the
target cloud's native secrets manager — granting the agent's runtime
identity read access to only the secrets it declares.
You never embed a secret value in agent.yaml. You reference it by name:
deploy:
cloud: aws
secrets:
- OPENAI_API_KEY
- ZENDESK_API_TOKENAt deploy time AgentBreeder reads OPENAI_API_KEY and ZENDESK_API_TOKEN
from your workspace backend, mirrors each into AWS Secrets Manager under
the deterministic name agentbreeder/<agent-name>/<secret-name>, and wires
the running container's env to a Secrets Manager valueFrom reference. The
value never lands on disk in the deploy bundle and never appears in CI logs.
Workspace backends
A workspace is the unit that owns a set of secrets. The default workspace
config lives at ~/.agentbreeder/workspace.yaml:
workspace: default
secrets:
backend: keychain # env | keychain | aws | gcp | vault
options:
# region: us-east-1 # for aws
# project_id: my-proj # for gcp
# mount: secret # for vaultNote: in v2.0 the only workspace key the engine reads is
secrets:. The full workspace primitive (agentbreeder workspace init, multi-cloud config, per-workspace gateway block) is tracked at #146 and lands in v2.x — until then, secrets are the supported field.
If the file is missing, AgentBreeder picks an install-mode-aware default:
AGENTBREEDER_INSTALL_MODE | Default backend |
|---|---|
cloud | aws |
team (with VAULT_ADDR ) | vault |
team | env (with deprecation warning) |
| (unset — single-user CLI) | keychain |
Backend matrix
| Backend | Where it stores values | Best for |
|---|---|---|
keychain | OS credential store (macOS Keychain, libsecret, Windows Credential Manager) via the keyring library | Single-user local development |
env | .env file in the project directory | CI runners, container images that mount .env at runtime |
aws | AWS Secrets Manager | SaaS deploys to AWS |
gcp | GCP Secret Manager | SaaS deploys to GCP |
vault | HashiCorp Vault (KV v2) | Self-hosted enterprise teams |
The keychain backend partitions secrets by workspace name — multiple workspaces on the same machine never read each other's values.
CLI
# Set a secret in the workspace backend (prompted securely; never echoed).
agentbreeder secret set OPENAI_API_KEY
# List secrets (names + masked metadata only — values are NEVER printed).
agentbreeder secret list
# Rotate a secret (paste the new value when prompted).
agentbreeder secret rotate OPENAI_API_KEY
# Mirror selected secrets to a cloud backend (the same operation that
# runs implicitly inside `agentbreeder deploy`).
agentbreeder secret sync --target aws
agentbreeder secret sync --target gcp --include OPENAI_API_KEY --dry-run
# One-time migration between backends (e.g. dev → prod).
agentbreeder secret migrate --from env --to awsAll mutating commands (set, rotate, delete, sync) emit audit events —
secret.created, secret.rotated, secret.deleted, secret.mirrored — that
appear in the dashboard's audit log.
Auto-mirror at deploy
v2.0 cloud coverage: auto-mirror ships for AWS ECS Fargate and GCP Cloud Run. Azure Container Apps, AWS App Runner, and Kubernetes auto-mirror are tracked for v2.x — for those targets today, use
agentbreeder secret sync --target <cloud>ahead of deploy or set the values manually in the cloud console.
When you run agentbreeder deploy against AWS or GCP and your agent.yaml
declares deploy.secrets, the engine:
- Reads each value from the workspace backend.
- Writes it to the target cloud's secrets manager under
agentbreeder/<agent-name>/<secret-name>(idempotent: re-deploys add a new version rather than creating a duplicate). - Grants the agent's runtime service account secretAccessor (GCP) or
secretsmanager:GetSecretValue(AWS) on only the secrets that agent uses. - Wires the container env so
OPENAI_API_KEYresolves at runtime to the cloud-native value reference (no plaintext ever flows through the container image). - Records a
secret.mirroredaudit event per secret.
The mirror runs inside the existing deploy step — it does not change the sacred deploy pipeline contract. If a referenced secret is missing from the workspace backend, the deploy logs a warning and continues; the env var is simply absent from the running container.
Dashboard
Navigate to Settings → Secrets (/settings/secrets) to see the workspace's
secrets list with masked metadata, current backend, and a per-secret rotate
action. The dashboard never fetches a secret value — only metadata.
Per-agent auth tokens
Every deployed agent's runtime is gated by a bearer token (AGENT_AUTH_TOKEN).
The dashboard's Invoke tab on /agents/{id} resolves this token
server-side from the workspace secrets backend so the value never enters
the browser. The convention is a deterministic name keyed by the agent:
agentbreeder/<agent-name>/auth-tokenSet or rotate it the same way you manage any other workspace secret:
# Set the token (prompted securely; never echoed).
agentbreeder secret set <agent-name>/auth-token
# Rotate it (paste the new value when prompted).
agentbreeder secret rotate <agent-name>/auth-tokenResolution order inside POST /api/v1/agents/{id}/invoke:
- The request body's optional
auth_tokenfield — explicit override, kept for power users / SDK callers / tests. - The workspace secrets backend at
agentbreeder/<agent-name>/auth-token. - The legacy env var
AGENT_<UPPER_SNAKE>_TOKENon the API host (deprecated; kept for back-compat with installs that pre-date workspace secrets).
If none of the three resolve, the proxy forwards the request without an
Authorization header and the runtime returns 401 — that surfaces a clear
"set the secret" message to the caller without leaking 500s on missing
secrets.
Related
agent.yamlreference —deploy.secrets- CLI reference —
agentbreeder secret - Authentication