The workflow vault stores sensitive values for workflows. Use it for API tokens, passwords, SMTP credentials, SSH material, webhook caller keys, or signing keys used by workflow authorizers. Vault values are returned as metadata after creation. The secret value itself is not exposed again through the API response.Documentation Index
Fetch the complete documentation index at: https://altostrat.io/docs/llms.txt
Use this file to discover all available pages before exploring further.
Prerequisites
Before you create vault items, make sure you have:- Permission to manage workflow vault entries.
- A clear owner and rotation plan for each secret.
- The workflow or authorizer that will use the secret.
- An expiry date for credentials that should rotate.
Create A Secret
Create the item
Add a secret with a name between 3 and 50 characters. Use a name that describes the service and environment.
Generate A Workflow API Key
For workflow API keys, create a vault item whose name starts withapi-key:. SDX generates a key with the wfk_ prefix and shows it once.
Where Vault Items Are Used
Common vault-backed workflow uses include:- Authorization headers for external HTTP calls.
- SMTP passwords.
- SSH credentials.
- SOAP authentication material.
- Static signing keys for authorizers.
- Workflow API keys for inbound requests.
Rotation And Deletion
When rotating a credential:- Create or update the vault item.
- Test the workflow node that uses it.
- Run a controlled workflow test.
- Watch the first production run after activation.
- Delete stale vault items only after all workflows have moved to the new secret.
Related Pages
Workflow authorizations
Understand user-delegated workflow access.
Build workflows
Use vault-backed secrets safely inside nodes.