# Secrets

{% hint style="info" %}
This feature is only available to Pipes that have been created via the Pipekit Web UI, and only for non-CronWorkflow Pipes.
{% endhint %}

## Environments

To store key-value pairs in Pipekit, you must first create an Environment. Environments can be mapped to a specific [Run Condition](/pipekit/pipes/managing-pipes/run-sync-conditions.md). For example, you could have one collection of secrets used by a development Run Condition and another collection used by a production Run Condition, with the two running on different clusters and triggered by different git events.

To create an Environment, go to the Pipe that you wish to manage, and click the Secrets tab. If no Environment is set up for this Pipe yet, you will be prompted to choose an Environment name and an optional description.

If an Environment already exists, click the `+ Add Environment` button.

Once you have created an Environment, you can add secrets to it. Ensure the Environment you wish to use is selected in the Environment dropdown, then add a key/value pair.

Click `+ Add Secret` to add another key/value pair.

Continue until you have added all the secrets you wish to use, and then click `Save`.

## Adding Secrets to a Run Condition

To pass the secrets to your running workflow, you must tell Pipekit which Environment each Run Condition should use. Go to the Run Conditions tab and select the Environment you wish to use for each Run Condition. For more information, refer to the [Run Conditions](https://github.com/pipekit/pipeline-mono/blob/gitbook/docs/pipekit/pipes/managing-pipes/run-conditions.md) documentation.

## Using Secrets in your Workflow

Key/value pairs are automatically injected into your workflow's containers as environment variables. For example, if you entered a key of `MY_SECRET` and a value of `my-secret-value`, you can access the value in your workflow as the environment variable `MY_SECRET`.

This example will output `my-secret-value` in the logs:

```yaml
# Test Workflow: writes the value of MY_SECRET to the Workflow logs,
# so run it only with a test value.
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  name: test-secret
spec:
  entrypoint: test-secret
  templates:
    - name: test-secret
      container:
        image: ubuntu
        command:
          - /bin/bash
          - -c
          - |
            # MY_SECRET is injected by Pipekit from the selected Environment.
            if [ "${MY_SECRET}" = "my-secret-value" ]
            then
                echo "Secrets are working!"
                echo "${MY_SECRET}"
            else
                echo "Secrets are not working!"
                echo "${MY_SECRET}"
                exit 1
            fi
```

{% hint style="info" %}
Secrets are only made available to the Workflow that is triggered by the Run Condition. If you have a Workflow that triggers another Workflow or uses workflowTemplates, the secrets will not be passed to the second Workflow, or the workflowTemplate.
{% endhint %}
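
A preflight check for the behaviour described above, added here as an example and not taken from Pipekit's own code: because secrets arrive as environment variables and are not passed on to a second Workflow or a workflowTemplate, a step can confirm that the variables it needs are present before doing real work, without writing their values to the logs. `check_secrets` and the key `API_TOKEN` are hypothetical names; `MY_SECRET` is the key used on this page.

```shell
#!/bin/sh
# Added example: verify that expected secrets were injected as environment
# variables. Only variable NAMES are reported; values never reach the logs.

check_secrets() {
    _cs_missing=0
    for _cs_name in "$@"; do
        # Accept only valid variable names so the eval below is safe.
        case "$_cs_name" in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "invalid secret name: $_cs_name" >&2
                _cs_missing=$((_cs_missing + 1))
                continue
                ;;
        esac
        # Indirect lookup: read the variable whose name is in _cs_name.
        eval "_cs_val=\${$_cs_name-}"
        if [ -z "$_cs_val" ]; then
            # Unset and empty are both treated as "not provided".
            echo "missing secret: $_cs_name" >&2
            _cs_missing=$((_cs_missing + 1))
        else
            echo "found secret: $_cs_name"
        fi
    done
    unset _cs_val
    # Exit status 0 only when every requested secret is present.
    [ "$_cs_missing" -eq 0 ]
}

# Constructed demo values, not real secrets. API_TOKEN is deliberately left
# unset to show the failure path, as it would be in a Workflow that did not
# receive the Environment's secrets.
(
    MY_SECRET="my-secret-value"
    unset API_TOKEN
    check_secrets MY_SECRET API_TOKEN
) || echo "preflight failed: stop before running the real workload"
```

In a Workflow template, the function would run as the first command of the container script, followed by `|| exit 1` so the step fails fast when a secret is absent.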

