Agent Builder provides Vault, which is a secure way to store and use secrets in your agents. Use Vault to store sensitive information like API keys, passwords, and other credentials that you don’t want to expose in your code. Secrets are available in blueprint blocks and within Python code. Vault overview

Create a secret

Secrets are strings stored as key-value pairs. To create a secret, go to the Vault tab in the Agent Builder UI and click +Add a pair. The example below creates a secret with the name WRITER_API_KEY. When you type the value, it’s masked in the UI. Click Save to store the secret. Add a secret You can also delete and update secrets from the Vault tab.

Where secrets are available

Within Python code, Vault is a runtime-only feature that’s injected into specific execution contexts, not into the main module scope. It isn’t a global variable and is only available in the execution context of the blueprint. This design provides security benefits:
  • Secrets are only loaded when needed
  • Access is limited to proper execution contexts
  • No global exposure of sensitive data
The vault is only available in these specific contexts:
  • Event handlers and blueprint code blocks: Secrets are injected into event handlers and blueprint code blocks when they run. This includes:
    • Button click handlers
    • Form submission handlers
    • Page load handlers
    • Custom event handlers
  • Blueprint execution environment: Secrets are injected into the blueprint execution environment when the blueprint runs and can be referenced from any blueprint block.

Examples

Secrets in Python code blocks

You can reference secrets in Python code blocks within blueprints using the vault object. vault is a dictionary that contains all the secrets in your blueprint. For example, to access a secret called API_KEY and use it in an HTTP request, you would use the following code: 
headers = {
    "Authorization": f"Bearer {vault['API_KEY']}"
}

Event handler with vault access

Vault is also provided as an argument to event handlers. Here’s an example of an event handler that’s triggered when a button is clicked and accesses the vault. 
def handle_button_click(state, payload, context, session, ui, blueprint_runner, vault):
    # Access vault secrets
    api_key = vault.get('API_KEY')
    
    # Use the secret
    headers = {"Authorization": f"Bearer {api_key}"}