secret() - Elding

secret() returns the raw value of a secret. Use it for values that do not travel through an HTTP API, such as DATABASE_URL, JWT_SECRET, and configuration variables.

import { secret } from "@elding/sdk";

const dbUrl = await secret("DATABASE_URL");
const db = new Pool({ connectionString: dbUrl });

The value is loaded into your application’s memory, like with a traditional vault. For an HTTP API key such as OpenAI or Stripe, use configure() instead so the key never enters your application.

The rule

Secret type	Function	Protected by the proxy
HTTP API key (OpenAI, Stripe, Resend, etc.)	`configure()`	Yes
Database or configuration value (non-HTTP)	`secret()`	No
Several raw secrets at once	`client()`	No

If you pass a non-HTTP target to configure(), it redirects you to secret(). You always know which values are protected by the proxy and which are not.

configure()client()

⌘I

​The rule

The rule