A secret is a catalog resource that stores a sensitive value — an API key, access token, or credential — for your tenant. Secrets are encrypted at rest and injected as environment variables on every agent VM in the tenant’s workspaces.
Secret values are write-only. You can set and delete them, but you cannot read them back. Listing secrets returns names and metadata only.
Fields
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | yes | Secret name. Must match [A-Z][A-Z0-9_]* — uppercase letters, digits, and underscores, starting with a letter. |
| plaintext_value | bytes | yes (on write) | The secret value. Write-only — cleared after encryption and never returned by reads or listings. |
| created_at | timestamp | no (read-only) | Timestamp of when the secret was created. Set automatically on creation. |
| description | string | no | Human-readable description shown in the dashboard. Maximum 1024 bytes. |
The name field doubles as the environment variable name on agent VMs. A secret named NPM_TOKEN is available to agents as $NPM_TOKEN.
Reserved names
Two categories of names are rejected:
| Pattern | Reason |
|---|---|
| MURMUR_* | Reserved for internal use. Any name starting with MURMUR_ is rejected. |
| GH_TOKEN | Automatically populated from the spawning developer’s GitHub token. Cannot be set or deleted as a tenant secret. |
CLI shorthand
The murmur secret commands provide a shorthand for managing secrets without constructing catalog payloads manually.

| Command | Description |
|---|---|
| murmur secret set | Set a secret. Reads the value from stdin. |
| murmur secret ls | List all secret names. |
| murmur secret rm | Delete a secret. |
Examples
Setting a secret
Pipe the value through stdin:
echo "sk-ant-abc123" | murmur secret set ANTHROPIC_API_KEY
Set secret "ANTHROPIC_API_KEY"
Setting a secret with a description
Using the catalog API directly:
cat <<'EOF' | murmur set secret DATADOG_API_KEY
{
"name": "DATADOG_API_KEY",
"plaintext_value": "dd-abc123",
"description": "Datadog API key for agent metrics"
}
EOF
Listing secrets
ANTHROPIC_API_KEY
DATADOG_API_KEY
NPM_TOKEN
Deleting a secret
murmur secret rm NPM_TOKEN
Deleted secret "NPM_TOKEN"
Errors
| Code | Meaning | What to do |
|---|---|---|
| INVALID_ARGUMENT | secret name "foo" must match [A-Z][A-Z0-9_]* | Use uppercase letters, digits, and underscores only. The name must start with a letter. |
| INVALID_ARGUMENT | secret name "MURMUR_X" is reserved (MURMUR_* is internal) | Choose a name that does not start with MURMUR_. |
| INVALID_ARGUMENT | secret name "GH_TOKEN" is reserved — it is automatically populated from the developer profile | GH_TOKEN is provided automatically. You do not need to set it. |
| INVALID_ARGUMENT | plaintext_value is required | The write request is missing the secret value. Provide plaintext_value. |
| INVALID_ARGUMENT | description exceeds 1024 byte limit | Shorten the description field to 1024 bytes or fewer. |
| INVALID_ARGUMENT | secret name "GH_TOKEN" is reserved and cannot be deleted | Reserved secrets cannot be deleted. |
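
The name and description rules in the tables above can be checked locally before a secret value is piped to the CLI, so a rejected name never costs a round trip with the value on stdin. This is an added example, not part of the Murmur CLI or its documentation: the function names check_secret_name, check_description and set_secret_checked are hypothetical, and the checks assume the server applies the rules exactly as the tables state them.

```shell
# Pre-flight checks mirroring the naming and size rules documented on this page.
# Added example: these function names are hypothetical, not murmur subcommands.

# Prints the reason and returns 1 if the name would be rejected;
# prints nothing and returns 0 if the name is acceptable.
check_secret_name() (
    LC_ALL=C    # in this subshell, make [A-Z] mean ASCII uppercase only
    name=$1
    case $name in
        '' | [!A-Z]* | *[!A-Z0-9_]*)
            echo "must match [A-Z][A-Z0-9_]*"; exit 1 ;;
        MURMUR_*)
            echo "reserved: MURMUR_* is internal"; exit 1 ;;
        GH_TOKEN)
            echo "reserved: GH_TOKEN is populated automatically"; exit 1 ;;
    esac
)

# Returns 0 if the description fits the 1024-byte limit.
# The limit is in bytes, so multi-byte UTF-8 text reaches it sooner
# than its character count suggests; wc -c counts bytes.
check_description() {
    bytes=$(( $(printf '%s' "$1" | wc -c) ))
    [ "$bytes" -le 1024 ]
}

# Validate the name first, then hand stdin to the CLI unchanged,
# as in "Setting a secret". The value is never read by this wrapper.
set_secret_checked() {
    reason=$(check_secret_name "$1") || {
        echo "refusing \"$1\": $reason" >&2
        return 1
    }
    murmur secret set "$1"
}
```
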