Skip to main content
PUT
/
secrets
Create a new secret
curl --request PUT \
  --url https://api.nexrender.com/api/v2/secrets \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "value": "<string>"
}
'
{
  "error": "<string>",
  "details": [
    {
      "field": "<string>",
      "message": "<string>"
    }
  ]
}

What Are Secrets?

Secrets are securely stored values that can be referenced in job payloads or upload configurations.
They are encrypted, team-scoped, and never exposed in plaintext once created. Use secrets to keep API keys, S3 credentials, or other sensitive environment variables out of job definitions.

Endpoints

List Secrets

curl -X GET https://api.nexrender.com/api/v2/secrets \
  -H "Authorization: Bearer YOUR_API_KEY"

Create or Update a Secret

curl -X PUT https://api.nexrender.com/api/v2/secrets \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "AWS_ACCESS_KEY_ID",
    "value": "AKIAIOSFODNN7EXAMPLE"
  }'
If a secret with the same name exists, that would result into error:
Secret Already Exists
{
    "error": "A secret with this name already exists in your team"
}

Using Secrets in Rendering Jobs

When defining upload configuration or other sensitive fields inside a job payload, you can reference secrets by name instead of hardcoding credentials: 
{
  "upload": {
    "provider": "s3",
    "params": {
      "region": "us-east-1",
      "bucket": "my-renders",
      "accessKeyId": "${secret.AWS_ACCESS_KEY_ID}",
      "accessKeySecret": "${secret.AWS_SECRET_ACCESS_KEY}"
    }
  }
}
This way, Nexrender Cloud will resolve secrets at runtime without ever exposing their values in logs or responses. Secrets can be used in upload object, assets, and in webhook fields.

Removing Secrets

  curl --request DELETE \
  --url https://api.nexrender.com/api/v2/secrets/<SECRET_ID> \
  --header "Authorization: Bearer <YOUR_API_TOKEN>"
The endpoint returns 200 OK on success and typically no response body.

Best Practices

  • Use secrets for all credentials (API keys, S3 credentials, webhooks with auth).
  • Rotate secrets regularly (re-upload them via the PUT /secrets endpoint).
  • Prefer fine-grained secrets (per-project, per-environment) rather than global catch-alls.

Authorizations

Authorization
string
header
required

Bearer token authentication using API tokens for team-based access control.

You can generate your own API token at: https://app.nexrender.com/team/settings

Body

application/json

Configuration for creating a secret

name
string
required

Secret name/key for identification and reference

value
string
required

Secret value to store securely (will be encrypted)

Response

Secret successfully created