Where Do I Find Secrets or Environment Variables in Gumloop?

Secrets (also called environment variables or API keys) are managed in Settings → Profile → Secrets. For agents, the recommended way to connect to an external API is through the agent's built-in code sandbox using the gumcp-client, or by creating a workflow with the Custom Node Builder and adding it to your agent as a tool.

What Are Secrets in Gumloop?

Secrets are encrypted values — like API keys, tokens, or passwords — that you store once in Gumloop and reference by name wherever they're needed. They are never exposed in code, logs, or run outputs.

You can manage secrets at Settings → Profile → Secrets. Click + Add Secret, give it a descriptive name, and paste the value. It's encrypted and stored securely.

How Secrets Work Depending on Where You Use Them

In Workflows (via the Custom Node Builder)

When you create a custom node that calls an external API, Gumloop's AI generates code that reads your credentials through environment variables using os.getenv(). After the node is generated, you'll see an Environment Variables section in the node's settings panel where you map each variable to one of your stored secrets.

1. Go to Custom Nodes or open the node library in the workflow editor (Cmd/Ctrl + B → Your Custom Nodes).

2. Describe what you want the node to do — for example: "Create a node that calls the XYZ API to submit an IT ticket. Use an environment variable for the API key."

3. Click Generate. The AI will create a node with os.getenv('YOUR_API_KEY') calls built in.

4. When you drag this node into a workflow, open its settings and use the Environment Variables dropdown to map each variable to the secret you created in Settings → Profile → Secrets.

5. If you haven't created the secret yet, click + Create new secret at the bottom of the dropdown — you don't need to leave the workflow builder.

In Agents (via Workflow Tools)

Agents can use secrets by calling workflows that have the Custom Node Builder configured with environment variables. This is the recommended approach for connecting an agent to a custom API:

1. Create a workflow using the Custom Node Builder as described above.

2. Open your agent's settings and click + Workflow in the tools section to add the workflow as a tool the agent can call.

3. When the agent needs to call your API, it will run the workflow automatically — with the secret securely injected through the environment variable mapping.

This keeps your API key securely stored and mapped through the workflow's environment variable system.

For Built-In Integrations (OAuth Credentials)

If the service you're connecting to has a native Gumloop integration (like Gmail, Slack, Google Sheets, Salesforce, etc.), you don't need the secrets page at all. Instead:

1. Go to Settings → Profile → Apps and connect the integration via OAuth.

2. In your agent, add the corresponding tool from the Tools panel.

OAuth credentials are managed separately from personal secrets — they handle authentication automatically without you needing to copy API keys.

Common Confusion: "My Agent Told Me to Add an Environment Variable"

If your agent's AI suggested adding an API key as an "environment variable" or "secret" directly in agent settings, this can be misleading. The agent doesn't have a dedicated secrets panel in its own settings page. Here's what to do instead:

• For custom APIs: Create a workflow with the Custom Node Builder, map the secret there, and add the workflow to your agent as a tool.

• For services with native integrations: Connect the integration at Settings → Profile → Apps and add the tool to your agent.

Still Need Help?

If this didn't resolve your issue, reach out to support at support@gumloop.com.

Related Docs

• Using Secrets in Custom Nodes

• Mapping Secrets to Environment Variables

• Agents — Overview

• Custom Node Builder — Full Reference