> ## Documentation Index
> Fetch the complete documentation index at: https://docs.manticscore.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Store and manage encrypted third-party API keys

> Save your GitHub, Anthropic, and OpenAI API keys securely in ManticScore. Keys are encrypted at rest and only a masked preview is returned after saving.

ManticScore lets you store API keys for third-party services so that Forge, the AI agent, and automation features can use them on your behalf. Keys are encrypted at rest and are never returned in plaintext — only a masked preview is shown after saving.

## Supported secrets

| Key                 | What it enables                                                                        |
| ------------------- | -------------------------------------------------------------------------------------- |
| `github_pat`        | GitHub Personal Access Token — required for Forge to create branches and pull requests |
| `anthropic_api_key` | Anthropic API key — allows the agent to use your own API quota                         |
| `openai_api_key`    | OpenAI API key — allows the agent to use your own API quota                            |

## Save or update secrets

Send a `PUT` request with the keys you want to set. You can set multiple keys in one call. Pass `null` to clear a key. Any key you omit is left unchanged.

```bash theme={null}
PUT /secrets
Authorization: Bearer <token>
Content-Type: application/json

{
  "github_pat": "ghp_your_token_here",
  "anthropic_api_key": "sk-ant-your_key_here",
  "openai_api_key": null
}
```

**Response:**

```json theme={null}
{
  "github_pat": "ghp_...****",
  "anthropic_api_key": "sk-ant-...****",
  "openai_api_key": null,
  "has_github_pat": true,
  "has_anthropic_key": true,
  "has_openai_key": false
}
```

The response shows masked values (only the first few characters) and boolean flags for each key. Use the `has_*` flags in your UI — they reliably indicate whether a key is stored without leaking any part of the actual value.

<Warning>
  Keys are never returned in full after saving. If you need to rotate a key, simply call `PUT /secrets` with the new value.
</Warning>

## Read current status

```bash theme={null}
GET /secrets
Authorization: Bearer <token>
```

The response has the same shape as the `PUT` response — masked values and `has_*` boolean flags.

## Clearing a key

To remove a stored key, pass `null` for that key:

```bash theme={null}
PUT /secrets
Authorization: Bearer <token>
Content-Type: application/json

{"github_pat": null}
```

Omit the other keys to leave them unchanged.

## Bootstrap includes secrets status

When you call `GET /auth/bootstrap` on app launch, the response includes your secrets status so you don't need a separate round trip:

```json theme={null}
{
  "secrets": {
    "github_pat": "ghp_...****",
    "anthropic_api_key": null,
    "openai_api_key": null,
    "has_github_pat": true,
    "has_anthropic_key": false,
    "has_openai_key": false
  }
}
```

<Tip>
  Use the bootstrap call on app launch to check which keys are stored before prompting the user to connect integrations.
</Tip>
