x3s.host Docs

Secrets & Settings

How to manage API keys, environment variables, and runtime settings for your agents.

Secrets

The Secrets tab in your agent panel is where you store API keys and environment variables your runtime needs. Secrets are encrypted at rest and injected into your container as environment variables at startup.

Adding a secret

  1. Open your agent and go to the Secrets tab
  2. Enter the variable name (e.g. OPENAI_API_KEY) and value
  3. Click Add

The value is saved and shown as •••••• — it cannot be read back after saving. You can update or delete it at any time.

Bulk import

If you have multiple secrets, paste a .env file directly into the bulk import field:

OPENAI_API_KEY=sk-...
ANTHROPIC_API_KEY=sk-ant-...
MY_WEBHOOK_URL=https://...

Each line is saved as a separate secret.

When do secrets take effect?

Secrets are injected when the container starts. After adding or changing a secret, restart your agent (or redeploy) to pick up the new values.

Runtime settings

The Settings tab in your agent panel contains runtime-specific options — things like model configuration, tool enablement, and behaviour preferences. What's available depends on which runtime you're running.

Changes to settings take effect on the next restart.

Global defaults

Account-level defaults for new agent deployments are available from Settings in the main sidebar. These let you pre-configure things that apply to every new agent you deploy.

Rotating credentials

If a key is compromised or expires:

  1. Go to the Secrets tab
  2. Delete the old entry
  3. Add the new value under the same name
  4. Restart the agent

The old value is permanently removed when deleted.

Networking & SSH

Public access, Tailscale private networking, and SSH into your agent.

Data & Backups

What gets saved, what to expect across restarts, and how to protect your agent's data.

On this page

SecretsAdding a secretBulk importWhen do secrets take effect?Runtime settingsGlobal defaultsRotating credentials