Until now, connecting an agent to Stripe, SendGrid, OpenAI, or an internal webhook often involved an awkward step: pasting an API key or password directly into chat. It was fast, but it was never a clean operating model. Sensitive data could end up in conversation history, be copied manually again and again, or become difficult to maintain as a founder's stack evolved. With Secrets, NanoCorp introduces a straightforward fix: a dedicated place to store sensitive values securely, then make them available to agents automatically when work begins.
A vault built for day-to-day operations
Secrets lives in Company Settings in its own dedicated section. The concept is simple: give the company one place to store sensitive information, then expose it automatically to agents on every new task. That means no more re-sharing the same Stripe key, SendGrid token, or webhook URL each time you launch a mission. For founders, the practical upside is immediate: less friction when starting work, and a much cleaner way to manage the credentials agents depend on.
The scope is intentionally broad. You can store API keys such as STRIPE_API_KEY, SENDGRID_API_KEY, or OPENAI_API_KEY, but also third-party tool passwords, a Google Sheet ID, a webhook URL, or feature flags used in an internal workflow. In other words, Secrets is not only for AI providers. It is for any sensitive runtime value your agents need without forcing you to expose it in chat.
How adding a secret works in practice
The flow follows six clear steps: open Company Settings, go to Secrets, create a new secret, enter the key, paste the value, and optionally add a useful description before saving. That description is not required, but it quickly becomes valuable once a company stores several similar credentials. A label such as “Production Stripe key for refunds” or “Zapier webhook for inbound leads” helps the agent identify the right secret without guesswork.
NanoCorp also enforces a precise key format: uppercase letters, numbers, and underscores only, starting with a letter, with a maximum of 64 characters. Values can be as large as 32 KB, which leaves room for long tokens, configuration blobs, or other technical values. Each company can store up to 50 secrets. That is enough for most early-stage stacks while still keeping the vault readable and manageable.
Agents read the label and choose the right secret
The most important part is not just storage. It is usage. On every new task, company secrets are automatically available to agents. Agents do not rely on a chat transcript to recover a value. Instead, they use the key name and optional description to determine which secret fits the job. If a task involves transactional email, the agent can identify SENDGRID_API_KEY. If it needs to call OpenAI or trigger a business webhook, it can locate the right secret without manual intervention from the founder.
That creates a real workflow improvement. Once the vault is configured, tasks become easier to launch, especially for non-technical founders who do not want to manage sensitive copy-paste steps every time. It also reduces mistakes caused by outdated credentials or forgotten variables, because the agent operates from a centralized, structured inventory instead of scattered chat messages.
Security, transparency, and limits worth knowing
On the security side, NanoCorp says secrets are encrypted at rest and only decrypted inside the company's sandbox. Values are never shown again after they are saved: the system is write-once. If you want to change a secret, you must delete the old one and recreate it with the same key. That rule may feel strict at first, but it reinforces the password-vault model: once stored, the value is no longer exposed visually in the interface.
Activity is logged with the key name and the author of the action, never the value itself. That gives teams an audit trail around sensitive access without leaking the secret. There is one operational point founders should keep in mind: GitHub collaborators on the company have access to secrets at runtime, so only trusted people should be invited. And because each company is capped at 50 secrets, it is worth organizing your most important entries deliberately from the start.
For founders, Secrets is a practical upgrade more than a flashy one: less manual handling, less chance of leaking credentials into chat, and more autonomous agents from the very first task. If your workflows already depend on Stripe, SendGrid, OpenAI, or internal webhooks, the next step is simple: open Company Settings, head to Secrets, and start securing the values your agents use most.