Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.edgespark.dev/llms.txt

Use this file to discover all available pages before exploring further.

Secrets are encrypted key-value pairs stored on the platform. Use them for API keys, webhook signing secrets, and other sensitive values you cannot commit to your repository.
When you run edgespark secret set, secret values never go through your terminal, agent context, or third-party LLM APIs such as Anthropic, Google, or OpenAI. EdgeSpark opens a secure browser URL so the human owner can enter the secret value directly.

Register secret keys

Use the CLI to register secret names: 
edgespark secret set STRIPE_SECRET_KEY OPENAI_API_KEY
The CLI returns a secure EdgeSpark project URL where a human owner enters the values in the browser. Secret values do not pass through the terminal, CLI output, agent context, or third-party LLM APIs. This workflow exists specifically to protect secrets from accidental exposure while still allowing an AI coding agent to do the rest of the setup work. List registered secret names with: 
edgespark secret list
Delete secrets by name with: 
edgespark secret delete OPENAI_API_KEY

Read a secret

Declare the key in server/src/defs/runtime.ts first:
server/src/defs/runtime.ts
export type VarKey = never;

export type SecretKey =
  | "STRIPE_SECRET_KEY";
Then read it in your route handler:
server/src/index.ts
import { secret } from "edgespark";
import { Hono } from "hono";

const app = new Hono().post("/api/charge", async (c) => {
  const amount = (await c.req.json<{ amount: number }>()).amount;
  const stripeKey = secret.get("STRIPE_SECRET_KEY");

  const response = await fetch("https://api.stripe.com/v1/payment_intents", {
    method: "POST",
    headers: {
      Authorization: `Bearer ${stripeKey}`,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    body: new URLSearchParams({
      amount: String(amount),
      currency: "usd",
    }),
  });

  return c.json(await response.json());
});

export default app;

Environment scope

Secrets are environment-scoped. Today, new projects expose one default production environment, so you set and read secrets for that current environment.
Public staging support is coming soon. When it lands, staging and production will have separate secret stores. See platform limits for naming and quota constraints.

See also

secret reference

The runtime API for reading secrets by name.

Development workflow

How secrets fit into the full repo-based workflow for schema, storage, auth config, vars, and deploys.
Last modified on April 7, 2026