Secrets are now managed via the WebOps interface to increase the security of sensitive data and streamline deployment processes. This change centralizes sensitive information management, such as API keys, tokens, and passwords through WebOps.

What has changed?
Previously, secrets were handled through the VTEX IO CLI secrets plugin. To enable secrets management, an empty vtex.env
file needed to be present in the project root. The key-value pairs were stored in the secrets.revealed.json
file, then encrypted into secrets.hidden.json
before being committed to the main branch.
Now, this workflow has been deprecated, and secrets are managed directly through the WebOps interface, where you can create, update, and delete them. Secrets are loaded as environment variables during deployment and are no longer committed to the project codebase.
Why did we make this change?
Secrets management via WebOps provides the following advantages:
- Increased security of sensitive data by eliminating secrets from source code and version control.
- Reduced operational overhead and potential sync errors that might arise from CLI-managed secrets files.
- Secrets are managed uniformly across all FastStore deployment providers.
What needs to be done?
For stores using the deprecated workflow
If your store currently uses the deprecated secrets plugin via the VTEX IO CLI, follow these steps to migrate to WebOps secrets management:
- Push a new commit to your repository to trigger migration.
- After pushing the new commit, access the VTEX Admin and go to Storefront > WebOps.
- In WebOps, go to the Secrets tab and check if the secrets were migrated correctly.
- Delete the
secrets.revealed.json
andsecrets. hidden.json
files from your store repository.
Don't delete the
vtex.env
file. This file is still necessary for local development.
- After completing these steps, you can manage secrets through WebOps in the VTEX Admin.
For all stores managing secrets
All FastStore deployments now use WebOps for secrets management by default. To manage your secrets, follow these steps:
- Access your FastStore WebOps dashboard and navigate to the Settings tab.
- In the Secrets tab, you can create, update, or delete secrets according to your needs.
For detailed instructions, see the Managing secrets guide.