# Secrets Secrets are key/value pairs injected into your Transformation code at runtime. Use them for anything you don't want hard-coded — API keys, tokens, pixel IDs, feature flags. Secrets are stored encrypted and are never logged. You manage secrets from the **Secrets** tab in the Playground UI. Each secret has a name, a value, and a flag that controls whether it's available in the browser. ### Edge vs. browser scope Every secret is always available in edge plugin files (`tagRoot`, `tagChannel`, `tagInstance`). Only secrets with the **client** flag are available in browser plugin files (`clientTagRoot`, `clientTagChannel`, `clientTagInstance`). The access path is the same on both sides: `params.variables.`. ```javascript // tagRoot (edge) — all secrets are available const apiKey = params.variables.API_KEY // ✓ defined const pixelId = params.variables.PIXEL_ID // ✓ defined // clientTagRoot (browser) — only client-flagged secrets are available const pixelId = params.variables.PIXEL_ID // ✓ defined (if flagged) const apiKey = params.variables.API_KEY // ✗ undefined (edge-only) ``` {% hint style="warning" %} Client-flagged secrets are shipped to every visitor's browser and are effectively public. Only flag values that are safe to expose — public pixel IDs, feature flags, public URLs. Never flag private API keys, signing secrets, or tokens as client-side. {% endhint %} ### Adding a secret 1. Open the **Secrets** tab. 2. Enter a name and value. 3. Tick **client** if your browser plugin files need to read it. 4. Save. Secret names are used verbatim — what you type in the UI is what you read in code. ### Redaction in Simulation When you run a simulation, Playground redacts sensitive values from the captured output. Any header or body key matching `authorization`, `token`, `api-key`, `api_key`, `secret`, `password`, or `cookie` is replaced with `[REDACTED]` before being shown — even when your code legitimately passes a secret through to a third-party API. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.edgetag.io/playground/transformation/secrets.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.