Secrets Management

Create a new secret

curl --request PUT \
  --url https://api.nexrender.com/api/v2/secrets \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "<string>",
  "value": "<string>"
}'

This response does not have an example.

PUT

secrets

Create a new secret

curl --request PUT \
  --url https://api.nexrender.com/api/v2/secrets \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "<string>",
  "value": "<string>"
}'

This response does not have an example.

What Are Secrets?

Secrets are securely stored values that can be referenced in job payloads or upload configurations.
They are encrypted, team-scoped, and never exposed in plaintext once created. Use secrets to keep API keys, S3 credentials, or other sensitive environment variables out of job definitions.

Endpoints

List Secrets

curl -X GET https://api.nexrender.com/api/v2/secrets \
  -H "Authorization: Bearer YOUR_API_KEY"

Create or Update a Secret

curl -X PUT https://api.nexrender.com/api/v2/secrets \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "AWS_ACCESS_KEY_ID",
    "value": "AKIAIOSFODNN7EXAMPLE"
  }'

If a secret with the same name exists, that would result into error:

Secret Already Exists

{
    "error": "A secret with this name already exists in your team"
}

Using Secrets in Rendering Jobs

When defining upload configuration or other sensitive fields inside a job payload, you can reference secrets by name instead of hardcoding credentials:

{
  "upload": {
    "provider": "s3",
    "params": {
      "region": "us-east-1",
      "bucket": "my-renders",
      "accessKeyId": "${secret.AWS_ACCESS_KEY_ID}",
      "accessKeySecret": "${secret.AWS_SECRET_ACCESS_KEY}"
    }
  }
} 

This way, Nexrender Cloud will resolve secrets at runtime without ever exposing their values in logs or responses. Secrets can be used in upload object, assets, and in webhook fields.

Removing Secrets

  curl --request DELETE \
  --url https://api.nexrender.com/api/v2/secrets/<SECRET_ID> \
  --header "Authorization: Bearer <YOUR_API_TOKEN>"

The endpoint returns 200 OK on success and typically no response body.

Best Practices

Use secrets for all credentials (API keys, S3 credentials, webhooks with auth).
Rotate secrets regularly (re-upload them via the PUT /secrets endpoint).
Prefer fine-grained secrets (per-project, per-environment) rather than global catch-alls.

Authorizations

Authorization

string

header

required

Bearer token authentication using API tokens for team-based access control.

You can generate your own API token at: https://app.nexrender.com/team/settings

Body

application/json

Configuration for creating a secret

name

string

required

Secret name/key for identification and reference

value

string

required

Secret value to store securely (will be encrypted)

Response

Secret successfully created

Advanced Rendering Practices nx:comp-duration-set

⌘I

Essentials

Managing Templates

Rendering Jobs

Fonts Management

Troubleshooting

What Are Secrets?

Endpoints

List Secrets

Create or Update a Secret

Using Secrets in Rendering Jobs

Removing Secrets

Best Practices

Authorizations

Body

Response

Essentials

Managing Templates

Rendering Jobs

Fonts Management

Troubleshooting

​What Are Secrets?

​Endpoints

​List Secrets

​Create or Update a Secret

​Using Secrets in Rendering Jobs

​Removing Secrets

​Best Practices

Authorizations

Body

Response

What Are Secrets?

Endpoints

List Secrets

Create or Update a Secret

Using Secrets in Rendering Jobs

Removing Secrets

Best Practices