ManticScore lets you store API keys for third-party services so that Forge, the AI agent, and automation features can use them on your behalf. Keys are encrypted at rest and are never returned in plaintext — only a masked preview is shown after saving.
Supported secrets
| Key | What it enables |
|---|
github_pat | GitHub Personal Access Token — required for Forge to create branches and pull requests |
anthropic_api_key | Anthropic API key — allows the agent to use your own API quota |
openai_api_key | OpenAI API key — allows the agent to use your own API quota |
Save or update secrets
Send a PUT request with the keys you want to set. You can set multiple keys in one call. Pass null to clear a key. Any key you omit is left unchanged.
PUT /secrets
Authorization: Bearer <token>
Content-Type: application/json
{
"github_pat": "ghp_your_token_here",
"anthropic_api_key": "sk-ant-your_key_here",
"openai_api_key": null
}
Response:
{
"github_pat": "ghp_...****",
"anthropic_api_key": "sk-ant-...****",
"openai_api_key": null,
"has_github_pat": true,
"has_anthropic_key": true,
"has_openai_key": false
}
The response shows masked values (only the first few characters) and boolean flags for each key. Use the has_* flags in your UI — they reliably indicate whether a key is stored without leaking any part of the actual value.
Keys are never returned in full after saving. If you need to rotate a key, simply call PUT /secrets with the new value.
Read current status
GET /secrets
Authorization: Bearer <token>
The response has the same shape as the PUT response — masked values and has_* boolean flags.
Clearing a key
To remove a stored key, pass null for that key:
PUT /secrets
Authorization: Bearer <token>
Content-Type: application/json
{"github_pat": null}
Omit the other keys to leave them unchanged.
Bootstrap includes secrets status
When you call GET /auth/bootstrap on app launch, the response includes your secrets status so you don’t need a separate round trip:
{
"secrets": {
"github_pat": "ghp_...****",
"anthropic_api_key": null,
"openai_api_key": null,
"has_github_pat": true,
"has_anthropic_key": false,
"has_openai_key": false
}
}
Use the bootstrap call on app launch to check which keys are stored before prompting the user to connect integrations.