> ## Documentation Index
> Fetch the complete documentation index at: https://docs.insforge.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a new secret

> Create a new encrypted secret with a unique key



## OpenAPI

````yaml https://raw.githubusercontent.com/InsForge/InsForge/main/openapi/secrets.yaml post /api/secrets
openapi: 3.0.3
info:
  title: Insforge Secrets API
  version: 1.0.0
  description: >-
    Secure secrets management for storing API keys, tokens, and sensitive
    configuration
servers: []
security: []
paths:
  /api/secrets:
    post:
      tags:
        - Admin
      summary: Create a new secret
      description: Create a new encrypted secret with a unique key
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - key
                - value
              properties:
                key:
                  type: string
                  pattern: ^[A-Z0-9_]+$
                  description: >-
                    Unique key identifier (uppercase letters, numbers,
                    underscores only)
                  example: STRIPE_API_KEY
                value:
                  type: string
                  description: Secret value to be encrypted
                  example: sk_live_...
                isReserved:
                  type: boolean
                  default: false
                  description: Whether the secret is protected from deletion
                expiresAt:
                  type: string
                  format: date-time
                  nullable: true
                  description: Optional expiration date for the secret
      responses:
        '201':
          description: Secret created successfully
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                  message:
                    type: string
                  id:
                    type: string
                    format: uuid
              example:
                success: true
                message: Secret STRIPE_API_KEY has been created successfully
                id: 123e4567-e89b-12d3-a456-426614174000
        '400':
          description: Invalid input
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                missingFields:
                  value:
                    error: INVALID_INPUT
                    message: Both key and value are required
                    statusCode: 400
                invalidKeyFormat:
                  value:
                    error: INVALID_INPUT
                    message: >-
                      Invalid key format. Use uppercase letters, numbers, and
                      underscores only (e.g., STRIPE_API_KEY)
                    statusCode: 400
        '409':
          description: Secret already exists
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                error: INVALID_INPUT
                message: 'Secret already exists: STRIPE_API_KEY'
                statusCode: 409
      security:
        - bearerAuth: []
components:
  schemas:
    ErrorResponse:
      type: object
      required:
        - error
        - message
        - statusCode
      properties:
        error:
          type: string
          description: Error code for programmatic handling
          example: INVALID_INPUT
        message:
          type: string
          description: Human-readable error message
          example: Invalid input data
        statusCode:
          type: integer
          description: HTTP status code
          example: 400
        nextActions:
          type: string
          description: Suggested action to resolve the error
          example: Check the request body format
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT

````