Key Vault: Secure API Key Management
Store and reuse API keys safely in Staffless Key Vault without hardcoding secrets in skills or prompts.
Why Key Vault Matters
Hardcoded keys in skill files create avoidable security and operational risk. Key Vault centralizes secrets and reduces accidental exposure.
It also improves maintainability: rotate one key in one place instead of editing multiple skills and tasks.
Use Clear Key Names
Follow uppercase snake case naming for consistency and easier maintenance across teams and workspaces.
- FAL_API_KEY
- SANITY_API_TOKEN
- BRAVE_API_KEY
- TELEGRAM_BOT_TOKEN
Reference Keys In Skills
Use placeholders such as {{env.FAL_API_KEY}} instead of raw values. Keep all key usage explicit and easy to audit.
After updating a key, run a quick manual task to confirm the integration still authenticates correctly.
FAQ
Can I add any custom key, even for niche APIs?
Yes. Key Vault supports custom key names and values, so you are not limited to a predefined provider list.
Do I still need external connections?
Yes. External connections define integration behavior, while Key Vault handles secret storage and reusable key references.