Skip to main content
Client secrets authenticate account-level operations: managing apps, schemas, and notification rules.

Format

vela_cs_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Generating a client secret

  1. Log into the Vela dashboard
  2. Navigate to Settings > Client Secrets
  3. Click Generate New Secret
  4. Copy the secret immediately — it is only shown once
The full secret value is displayed only at creation time. If you lose it, revoke it and generate a new one.

Using in your code

Store the secret as an environment variable: 
export VELA_CLIENT_SECRET="vela_cs_..."
Then reference it in your application: 
import { VelaManagementClient } from '@vela/sdk';

const client = new VelaManagementClient(process.env.VELA_CLIENT_SECRET);

Revoking a secret

  1. Go to Settings > Client Secrets in the dashboard
  2. Click the delete icon next to the secret you want to revoke
  3. The secret is immediately invalidated
Revoking a secret is instant and irreversible. Any application using that secret will receive 401 Unauthorized errors.

Best practices

  • Generate separate secrets for development and production
  • Rotate secrets periodically
  • Never embed secrets in client-side code or commit them to version control
  • Use your CI/CD platform’s secret management (GitHub Actions secrets, Vercel env vars, etc.)