Groundfloor Docs

Secrets

Create, reveal, update, and delete workspace-scoped secrets with audited reveal.

Secrets stores sensitive values (API keys, connection strings, tokens) per workspace. The default backend is Infisical; dev environments without Infisical use an in-memory fallback.

Pillar #12· Secrets Management✅ Live

Who can access

ActionRequired permission
List secrets (masked)read
Reveal secret valueread (audited)
Create / update secretwrite
Delete secretdelete

Prerequisites

  • Workspace selected in the top navigation picker

View secrets

Open Secrets

In the sidebar under Data, click Secrets.

Select a workspace

Use the workspace picker in the top navigation bar.

Browse the table

Secrets are listed by Key with masked values. Platform-managed secrets (e.g. DATAPLANE_SERVICE_API_KEY) are marked and cannot be edited or deleted from the portal.

Reveal a secret value

Click the eye icon on a row. The value appears briefly and the reveal is recorded in the audit log. Click again to hide.

Secret reveals are audited. Only reveal values when necessary and never share revealed values in chat or email.

Create or update a secret

Click New secret

Or click Edit on an existing row (non-platform secrets only).

Enter key and value

Keys are unique per workspace. Values are encrypted at rest by the secret backend.

Save

The secret appears in the table with a masked value.

Delete a secret

Click the trash icon, confirm in the dialog. Platform-managed secrets cannot be deleted from the portal.

The Data Vault setup flow can link here with ?workspace_id={uuid} to jump directly to the correct workspace.

Troubleshooting

ProblemLikely causeWhat to do
Secret not found after createWrong workspaceVerify workspace picker
Cannot edit platform secretManaged by Control PlaneUse Dataplane setup or API
Reveal returns emptyBackend not configuredCheck Infisical in dev (deploy/PHASE2-DEPS.md)
403 on upsertMissing writeCheck Members & Roles
  • GET /v1/workspaces/{id}/secrets — list (masked)
  • GET /v1/workspaces/{id}/secrets/{key} — reveal value
  • PUT /v1/workspaces/{id}/secrets/{key} — upsert
  • DELETE /v1/workspaces/{id}/secrets/{key} — delete

See Shell Secrets for app integration.

Files

Upload, download, and delete workspace-scoped files via presigned object storage URLs.

Activity Log

View and export audit events scoped to an account or workspace.

On this page

Who can accessPrerequisitesView secretsOpen SecretsSelect a workspaceBrowse the tableReveal a secret valueCreate or update a secretClick New secretEnter key and valueSaveDelete a secretDeep link from Dataplane setupTroubleshootingRelated API