Secrets
FreshDRM-Protected Plugins Only
The Secrets API is restricted to DRM-protected plugins distributed through Marketplace.
Overview
The Secrets API allows plugins to access obfuscated secrets (API keys, client credentials) at runtime without exposing them in source code.
SOP: Add Plugin Secrets
Step 1: Create secrets.json
Place alongside manifest.json in your .sdPlugin directory:
json
{
"api_key": "your-api-key-here",
"client_secret": "your-client-secret"
}DANGER
Never commit secrets.json to version control. Add it to .gitignore.
Step 2: Access at Runtime
typescript
type Secrets = {
api_key: string;
client_secret: string;
};
const secrets = await streamDeck.system.getSecrets<Secrets>();
console.log(secrets.api_key);Step 3: Upload with DRM
- Include
secrets.jsonwhen uploading to Maker Console - The file is automatically removed during DRM processing
- In production, secrets are sourced from Stream Deck, not local files
Security Considerations
- Secrets are obfuscated but not 100% bulletproof
- Implement backup strategies for credential rotation
- Maintain ability to revoke credentials remotely
- Contents are only secure after DRM protection in Maker Console