āback to changelog
Use Your Secrets From Your Own Code
Your stored secrets and connections are no longer usable only inside the agent. You can now proxy a request through a secret - with the credential injected server-side - or mint a short-lived token for your own code, directly from the Node, Go, and Python SDKs.
ChatBotKit's encrypted secret vault has always let your agents call authenticated APIs without ever handling the credential. That same capability is now available to your own code.
Two operations are available on every secret:
- Proxy - describe a request and ChatBotKit performs it for you, injecting the secret at egress. The credential value never leaves our servers, and the upstream response comes back verbatim. It works for every secret type, and for OAuth the access token is refreshed automatically.
- Mint - for the cases a proxy can't serve - a provider SDK that wants a token string, a non-HTTP protocol, or a service reachable only from your own network - mint a short-lived token from an OAuth or JWT secret and use it directly. Minting is owner-only.
Both are first-class methods in the Node, Go, and Python SDKs, with per-user (personal) secrets addressed by contact so each of your users acts with their own connection. Static credentials such as passwords and API keys stay server-side and are used through the proxy - they are never handed back.