Secret Commands
The kdx secret command manages organization secrets used by platform resources such as Activity steps, modules, and service bridge integrations.
Secret values are write-only. The CLI can list secret names, set values securely, and delete names, but it never reads secret values back from the platform.
Available Commands
| Command | Description |
|---|---|
| list | List secret names in an organization |
| set | Create or update a secret value |
| delete | Delete a secret name |
List Secrets
kdx secret list <org-slug>
Example:
Output:
3 secret(s) in 'acme':
ERP_API_TOKEN
ERP_BASE_URL
OCR_SERVICE_KEY
Only names are returned. Values are never printed.
Set a Secret
kdx secret set <org-slug> <name> [flags]
By default, the CLI prompts for the value with no terminal echo.
kdx secret set acme ERP_API_TOKEN
For non-interactive workflows, pass exactly one value source.
| Flag | Description |
|---|---|
| --from-file <path> | Read the value from a file and trim a single trailing newline |
| --from-env <name> | Read the value from an environment variable |
| --from-stdin | Read the value from standard input |
Examples:
# From an environment variable in CI
kdx secret set acme ERP_API_TOKEN --from-env ERP_API_TOKEN
# From a local file
kdx secret set acme OCR_SERVICE_KEY --from-file ./secrets/ocr-key.txt
# From a password manager or another command
op read 'op://Engineering/ERP/token' | kdx secret set acme ERP_API_TOKEN --from-stdin
Output:
Set secret "ERP_API_TOKEN" in organization "acme" (48 bytes)
The byte count confirms that a value was sent without showing the value itself.
Delete a Secret
kdx secret delete <org-slug> <name>
Example:
kdx secret delete acme OLD_ERP_API_TOKEN
Deleting a name that does not exist is not treated as an error by the command.
Recommended Patterns
Use stable names that describe the external system and purpose:
ERP_API_TOKEN
ERP_BASE_URL
AZURE_DOCUMENT_INTELLIGENCE_KEY
CLAIMS_SYSTEM_CLIENT_SECRET
Keep environment-specific values in environment-specific organizations or sync targets. Do not commit secret values to metadata repositories. For CI/CD, store the value in the CI secret store and pass it with --from-env.
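For the CI/CD pattern above, a job can compare the byte count that kdx secret set reports with the length of the value it holds, which catches an empty or mismatched variable before anything fails at runtime. This is an added example, not part of the Kodexa documentation: the function names are hypothetical, and it assumes the reported count equals the byte length of the environment variable's value.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not part of the kdx CLI).
# Assumption: the "(N bytes)" in the CLI output is the byte length of the value.

# Print the byte length of the value held in the named variable.
# printf is a shell builtin, so the value never lands in a process argument list.
secret_len() {
    case "$1" in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "invalid variable name" >&2; return 2 ;;
    esac
    eval "_v=\${$1:-}"            # safe: the name was validated above
    [ -n "$_v" ] || { echo "$1 is unset or empty" >&2; return 1; }
    printf %s "$_v" | LC_ALL=C wc -c | tr -d ' '
}

# Extract N from: Set secret "NAME" in organization "ORG" (N bytes)
reported_len() {
    printf '%s\n' "$1" |
        sed -n 's/^Set secret ".*" in organization ".*" (\([0-9][0-9]*\) bytes)$/\1/p'
}

# usage: set_secret_checked <org-slug> <name>
# The variable <name> must be exported so the kdx process can read it.
set_secret_checked() {
    org=$1 name=$2
    want=$(secret_len "$name") || return 1
    out=$(kdx secret set "$org" "$name" --from-env "$name") || return 1
    got=$(reported_len "$out")
    if [ "$got" != "$want" ]; then
        # Only lengths are logged, never the value itself.
        echo "byte count mismatch for $name: held $want, reported ${got:-none}" >&2
        return 1
    fi
    echo "$name: $got bytes confirmed"
}
```

In a CI job, call `set_secret_checked acme ERP_API_TOKEN` after the CI secret store has exported the variable.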
Troubleshooting
| Symptom | What to check |
|---|---|
| organization not found | Confirm the organization slug and active profile. |
| environment variable is not set | Confirm the variable exists in the current shell or CI job. |
| stdin is not a terminal | In non-interactive mode, pass --from-file, --from-env, or --from-stdin. |
| Secret appears to be missing at runtime | Confirm the Activity step or service bridge references the exact secret name. |