# Secrets Store

DataSpace offers the option to store secret tokens in a secure store.

Using secrets from a secret store instead of hardcoding them in your source code offers several advantages:

* **Security**: Secrets stored in the source code can be exposed to users with viewer access. The secret store keeps them encrypted and secure.
* **Maintenance**: Secrets change over time, such as API tokens or credentials. Updating them in a central secret store is easier than searching through the codebase to update them everywhere they're used.

For example, instead of hardcoding an API token in your script like this:

```python
auth_token = 'Bearer xxxx-yyyy-zzzz'
```

You can create a new Secret in the Workspace settings panel

<figure><picture><source srcset="https://1439274090-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZPOu0da4Z2EpltdJNcki%2Fuploads%2Fc0pHWueLIwk2Pk4gNq1Y%2Fsecrets_dark.png?alt=media&#x26;token=28b576dc-8053-4a84-8499-d76805d736d2" media="(prefers-color-scheme: dark)"><img src="https://1439274090-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZPOu0da4Z2EpltdJNcki%2Fuploads%2FP1qcp1OL5l6RyFBw6MW9%2Fsecrets_light.png?alt=media&#x26;token=0d2ffae7-207b-4c6b-bfe8-64a1c42e9c1d" alt="Secrets Panel"></picture><figcaption></figcaption></figure>

And access it securely from the environment

```python
import os
auth_token = f"Bearer {os.environ['AUTH_TOKEN']}"
```

During the build, all secrets are injected as environment variables and can be accessed in Python by importing the `os` module.

{% hint style="success" %}
Environmental secrets are stored securely and encrypted in the database to ensure sensitive information remains confidential and protected from unauthorized access.
{% endhint %}