[Feature Request] Secrets store for scheduled triggers (RemoteTrigger)
Problem
Scheduled triggers (RemoteTrigger / claude.ai/code/scheduled) have no way to securely store secrets. The only option today is embedding API keys directly in the trigger prompt as plaintext.
This means:
- API keys, private keys, and tokens are stored in the prompt text visible to anyone with account access
- Keys appear in trigger run history
- No way to rotate a secret without editing every trigger prompt that uses it
- No masking in logs or output
This is a basic capability that every CI/CD platform (GitHub Actions, Vercel, Railway, Render) has had for years.
Real-world impact
Any pipeline that integrates with external APIs (SaaS tools, databases, notification services, third-party platforms) needs to store credentials. Currently the only option is pasting them into the prompt. For keys that control financial accounts or sensitive services, this is unacceptable.
Proposed solution
Add an encrypted secrets store to cloud environments (environment_id). Triggers running in that environment can access secrets as environment variables.
API design suggestion
// When creating/updating an environment
{
"secrets": {
"MY_API_KEY": "encrypted-value",
"MY_TOKEN": "encrypted-value"
}
}
Trigger prompts reference them like:
The environment has MY_API_KEY and MY_TOKEN available as environment variables.
Or even better, use ${{secrets.MY_API_KEY}} syntax in the prompt that gets resolved server-side at runtime, never exposed in the trigger config.
Requirements
- Secrets encrypted at rest
- Not readable after creation (write-only, like GitHub Actions secrets)
- Masked in trigger run logs
- Accessible as environment variables inside the trigger's container
- Manageable via API and UI (claude.ai/code/scheduled)
- Scoped per environment, not per trigger (so multiple triggers can share secrets)
Current workaround
Embedding keys directly in the trigger prompt text. Works but is the equivalent of checking secrets into source code.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗