Skip to content

Secrets

Fresh

DRM-Protected Plugins Only

The Secrets API is restricted to DRM-protected plugins distributed through Marketplace.

Overview

The Secrets API allows plugins to access obfuscated secrets (API keys, client credentials) at runtime without exposing them in source code.

SOP: Add Plugin Secrets

Step 1: Create secrets.json

Place alongside manifest.json in your .sdPlugin directory:

json
{
  "api_key": "your-api-key-here",
  "client_secret": "your-client-secret"
}

DANGER

Never commit secrets.json to version control. Add it to .gitignore.

Step 2: Access at Runtime

typescript
type Secrets = {
  api_key: string;
  client_secret: string;
};

const secrets = await streamDeck.system.getSecrets<Secrets>();
console.log(secrets.api_key);

Step 3: Upload with DRM

  1. Include secrets.json when uploading to Maker Console
  2. The file is automatically removed during DRM processing
  3. In production, secrets are sourced from Stream Deck, not local files

Security Considerations

  • Secrets are obfuscated but not 100% bulletproof
  • Implement backup strategies for credential rotation
  • Maintain ability to revoke credentials remotely
  • Contents are only secure after DRM protection in Maker Console