Secrets
Workspace credentials that Spinup projects into a Spinup Agent environment under stable names, returning only masked metadata to readers.
A secret is a credential you store in a workspace and let Spinup project into agent environments under a stable name. Secrets live above any one harness or runtime instance, so the same credential can flow into different harnesses on the same agent.
What you control
You create secrets in the workspace and bind them to the agents and capabilities that need them. A secret has a display name, a projection name the runtime sees (for example OPENROUTER_API_KEY), and a value you submit once.
Today, secret management lives in the dashboard.
What Spinup does
Spinup keeps the secret value in a workspace-scoped secrets store. When the environment needs it, Spinup projects the secret into the agent runtime under the stable projection name the capability declared.
API and UI reads return masked metadata only. The display name, projection name, and a masked preview are visible. The full value is not returned through /v1 or the dashboard.
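The split between the read path and the projection path described above can be modelled in a few lines. This is an added example, not Spinup's code or API: the `Secret` class, the function names, the fixed-width mask format, and the use of an environment-style mapping for projection are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Secret:
    display_name: str
    projection_name: str              # stable name the runtime sees
    value: str = field(repr=False)    # keep the value out of repr() and logs

def masked_preview(value: str, keep: int = 4) -> str:
    # Assumed format: fixed-width mask so the preview does not leak length.
    # Short values show no characters at all, so the preview never exposes
    # a large fraction of a weak secret.
    if len(value) < keep * 4:
        return "*" * 8
    return "*" * 8 + value[-keep:]

def read_metadata(secret: Secret) -> dict:
    # Read path: display name, projection name, masked preview. No value key.
    return {
        "display_name": secret.display_name,
        "projection_name": secret.projection_name,
        "preview": masked_preview(secret.value),
    }

def project(secrets: list, declared: list) -> dict:
    # Projection path: only the names a capability declared reach the runtime.
    # A declared name with no bound secret fails closed instead of being skipped.
    by_name = {s.projection_name: s for s in secrets}
    missing = sorted(set(declared) - set(by_name))
    if missing:
        raise KeyError("unbound secret(s): " + ", ".join(missing))
    return {name: by_name[name].value for name in declared}

# Constructed sample values, not real credentials.
SAMPLE = Secret("OpenRouter key", "OPENROUTER_API_KEY",
                "sk-or-constructed-0123456789abcdef")
SHORT = Secret("Legacy token", "LEGACY_TOKEN", "hunter2")

if __name__ == "__main__":
    print(read_metadata(SAMPLE))
    print(read_metadata(SHORT))
    print(sorted(project([SAMPLE, SHORT], ["OPENROUTER_API_KEY"])))
```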
Where to go next
- See how secrets fit into the agent object in Spinup Agents.
- See how capabilities declare the secret bindings they need in Capabilities.