[Feature Request] Encrypted secrets store for scheduled triggers

Resolved 💬 1 comment Opened Apr 22, 2026 by ramkrishna2910 Closed May 27, 2026

Problem

Scheduled triggers (RemoteTrigger / claude.ai/code/scheduled) have no way to securely store secrets. The only option today is embedding API keys directly in the trigger prompt as plaintext.

This means:

  • API keys, private keys, and tokens are stored in the prompt text visible to anyone with account access
  • Keys appear in trigger run history
  • No way to rotate a secret without editing every trigger prompt that uses it
  • No masking in logs or output

This is a basic capability that every CI/CD platform (GitHub Actions, Vercel, Railway, Render) has had for years.

Real-world impact

Any pipeline that integrates with external APIs (SaaS tools, databases, notification services, third-party platforms) needs to store credentials. Currently the only option is pasting them into the prompt. For keys that control sensitive services, this is unacceptable.

Proposed solution

Add an encrypted secrets store to cloud environments (environment_id). Triggers running in that environment can access secrets as environment variables.

Option A: Environment-level secrets

{
  "secrets": {
    "MY_API_KEY": "encrypted-value",
    "MY_TOKEN": "encrypted-value"
  }
}

Accessible as env vars inside the trigger container.

Option B: Template syntax in prompts

${{secrets.MY_API_KEY}} in the prompt, resolved server-side at runtime, never exposed in the trigger config or logs.

Requirements

  • Secrets encrypted at rest
  • Not readable after creation (write-only, like GitHub Actions secrets)
  • Masked in trigger run logs
  • Accessible as environment variables inside the trigger container
  • Manageable via API and UI (claude.ai/code/scheduled)
  • Scoped per environment so multiple triggers can share secrets

Current workaround

Embedding keys directly in the trigger prompt text.

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗