Stand with Ukraine flag
Pricing Try it now
Cloud
Community Edition Professional Edition Cloud Edge PE Edge IoT Gateway License Server Trendz Analytics Mobile Application PE Mobile Application MQTT Broker
North America
North America N. Virginia Europe Frankfurt
Documentation > Security > Secrets storage
Getting Started
Devices Library Guides API FAQ
On this page

Secrets storage

Available since TB Version 4.1

Secrets storage is a place for secure storage and convenient management of sensitive information such as API keys, tokens, passwords, certificates, etc. All information is stored as Secrets, with their values securely encrypted and inaccessible to end users. This allows confidential data to be shared or used without directly exposing its contents.

Once created, Secrets can be safely used in integrations and rule nodes, eliminating the need to enter sensitive data directly in the configuration. This greatly enhances system security and reduces the risk of unauthorized access or data leakage.

Using Secrets storage allows you to:

  • Store and manage confidential data in a centralized way.
  • Manage secrets with flexible, role-based access control.
  • Securely share sensitive information with your clients without revealing its contents.
  • Enhance security and minimize the risk of information leaks.

Best practices

  • Always use Secrets storage instead of hard-coding sensitive information.
  • Regularly update Secrets and manage access according to the principle of least privilege.

Creating the Secret

  • Go to the” Secrets storage” page in the “Security” section.
  • Click the “plus” icon (Add secret) in the top-right corner.
  • Select secret type:
    • File — the value is provided by uploading a file, for example, a certificate.
    • Text — the value is entered directly as text, for example, password, token, or API key.
  • Enter the secret's name and its text value (for the “Text” type) or upload a certificate file (for the “File” type).
  • Click “Add”.

ThingsBoard automatically encrypts Secret values using the AES-256 encryption algorithm.

Go to the "Secrets storage" page of the "Security" section. Click the "plus" (Add secret) icon in the upper right corner.
Go to the "Secrets storage" page of the "Security" section. Click the "plus" (Add secret) icon in the upper right corner.
Select secret type: Text or File. Next, enter the secret's name and its text value (for the "Text" type) or upload a certificate file (for the "File" type). Then, click "Add".
Select secret type: Text or File. Next, enter the secret's name and its text value (for the "Text" type) or upload a certificate file (for the "File" type). Then, click "Add".
ThingsBoard automatically encrypts Secret values using the AES-256 encryption algorithm.
ThingsBoard automatically encrypts Secret values using the AES-256 encryption algorithm.

Update the Secret’s value

If needed, you can update the value and description of the Secret.

The Secret's name cannot be modified.

  • Click the “Change value” icon next to the Secret you want to update.
  • Enter the new value and click “Save”.
Click the "Change value" icon next to the Secret you want to update.
Click the "Change value" icon next to the Secret you want to update.
Enter the new value and click "Save".
Enter the new value and click "Save".

How to use Secrets in ThingsBoard

Once Secrets are created, you and other users with the appropriate permissions can use them in:

  • Rule chains – in specific nodes that support secret injection.
  • Integrations – for example, in fields where you enter passwords for external services and system accounts.

Fields that support using a Secret display a key icon.


Let's look at an example of using a Secret in a Loriot integration. Instead of manually entering your Loriot account password, we'll use a pre-created Secret for secure access.

  • In the “Password” field, click the “key” icon to select and use the Secret.
  • If the Secret has already been created, select “Use storage”, pick the desired Secret from the dropdown menu, and click “Use”.
In the "Password" field, click the "key" icon to select and use the Secret.
In the "Password" field, click the "key" icon to select and use the Secret.
If the Secret has already been created, select "Use storage", pick the desired Secret from the dropdown menu, and click "Use".
If the Secret has already been created, select "Use storage", pick the desired Secret from the dropdown menu, and click "Use".
The "Password" field use the value from Secret.
The "Password" field use the value from Secret.

Managing access to Secrets storage

ThingsBoard enables user access management to Secrets storage through role-based access control (RBAC). Only users with appropriate permissions can create, use, edit, or delete Secrets.

Delete the Secret

To delete a Secret:

  • Click the trash bin icon at the end of its row.
  • Confirm the deletion.
Click the "trash bin" icon at the end of its row.
Click the "trash bin" icon at the end of its row.
Confirm the deletion.
Confirm the deletion.

Note: The Secret cannot be deleted if it's used by other entities on the platform.
First, remove all references to the Secret from the listed entities, then try deleting it again.

Next steps