> ## Documentation Index
> Fetch the complete documentation index at: https://docs.shuttle.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Secrets

> Including secrets in your deployment

This plugin manages secrets on [Shuttle](https://www.shuttle.dev).

## Usage

Add a `Secrets.toml` to the crate root or workspace root of your Shuttle service with the secrets you'd like to store.
Make sure to add `Secrets*.toml` to a `.gitignore` to omit your secrets from version control.

The format of the Secrets.toml file is a key-value mapping with string values.

```toml theme={null}
MY_API_KEY = 'the contents of my API key'
MY_OTHER_SECRET = 'some other secret'
```

Next, pass `#[shuttle_runtime::Secrets] secrets: shuttle_runtime::SecretStore` as an argument to your `shuttle_runtime::main` function.
`SecretStore::get` can now be called to retrieve your API keys and other secrets at runtime.

## Local secrets

When developing locally with `shuttle run`, you can use a different set of secrets by adding a `Secrets.dev.toml` file.

If you don't have a `Secrets.dev.toml` file, `Secrets.toml` will be used locally as well as for deployments.
If you want to have both secret files with some of the same secrets for both local runs and deployments, you have to duplicate the secret across both files.

## Different secrets file

You can also use other secrets files (in TOML format) by using the `--secrets [file]` argument on the `run` and `deploy` commands.

## Example

This snippet shows a Shuttle rocket main function that uses the `shuttle_runtime::Secrets` attribute to gain access to a `SecretStore`.

```rust main.rs theme={null}
use shuttle_runtime::SecretStore;

#[shuttle_runtime::main]
async fn rocket(
    #[shuttle_runtime::Secrets] secrets: SecretStore,
) -> shuttle_rocket::ShuttleRocket {
    // get secret defined in `Secrets.toml` file.
    let secret = secrets.get("MY_API_KEY").context("secret was not found")?;

    let state = MyState { secret };
    let rocket = rocket::build().mount("/", routes![secret]).manage(state);

    Ok(rocket.into())
}
```

The full example can be found on [GitHub](https://github.com/shuttle-hq/shuttle-examples/tree/main/rocket/secrets)

## Deleting secrets

This command will delete *all* secrets from your project.
Re-deploy with an updated `Secrets.toml` to add them back.

```bash theme={null}
shuttle resource delete secrets
```

## Caveats

* Some libraries read from their own config files or environment variables,
  with no way of providing them in code. Sometimes, this can be solved by
  manually setting the variable after loading the secret (and before loading the library):
  `std::env::set_var("SOME_ENV_VAR", my_secret);`