Documentation Index
Fetch the complete documentation index at: https://docs.amika.dev/llms.txt
Use this file to discover all available pages before exploring further.
Amika stores two kinds of secrets in the vault. This page is the reference;
for a walkthrough see Manage secrets.
Generic vs provider secrets
| Generic secrets | Provider secrets |
|---|
| What | Arbitrary KEY=VALUE pairs | Claude / Codex credentials |
| Used by | .amika/config.toml { secret = "name" }, --secret env:... | Auto-injected agent credentials |
| Create | amika secret push, createSecret | amika secret claude|codex push, createProviderSecret |
| List | amika secret (web UI), listSecrets | amika secret claude|codex list, listProviderSecrets |
| Update | updateSecret(id, { value }) | re-push |
| Delete | Not supported (see below) | amika secret claude|codex delete, deleteProviderSecret |
There is no delete endpoint for generic secrets. They can be created,
listed, and updated, but not removed once pushed. Provider secrets
(Claude / Codex) can be deleted.
Scope model
Generic secrets and extracted secrets carry a scope:
| Scope | Visibility |
|---|
user (default) | Private to you |
org | Visible to everyone in your org |
amika secret push API_KEY=sk-... --scope org
amika secret push
Push generic secrets from inline arguments, environment variables, or a
.env file.
amika secret push ANTHROPIC_API_KEY=sk-ant-xxx
amika secret push --from-env ANTHROPIC_API_KEY,OPENAI_API_KEY
amika secret push --from-file .env
| Flag | Default | Description |
|---|
--from-env <keys> | | Comma-separated env var names to read and push |
--from-file <path> | | Path to a .env file with KEY=VALUE lines |
--scope <scope> | user | user (private) or org (org-visible) |
--from-file
values, and --from-env overrides both.
Discover locally stored credentials and optionally push them to the vault.
Shares its discovery logic with amika auth extract.
amika secret extract
amika secret extract --push
amika secret extract --push --only ANTHROPIC_API_KEY,OPENAI_API_KEY
| Flag | Default | Description |
|---|
--push | false | Push discovered secrets after confirmation |
--only <keys> | | Comma-separated names to include |
--scope <scope> | user | user or org |
--homedir <path> | | Override home directory for discovery |
--no-oauth | false | Skip OAuth credential sources |
amika secret claude / amika secret codex
Manage provider credentials. Both share the same shape; only the provider
segment differs.
push
# Auto-detect OAuth (preferred)
amika secret claude push --type oauth
# API key
amika secret claude push --type api_key --value sk-ant-xxx
# From a file
amika secret codex push --from-file ~/.codex/auth.json
| Flag | Default | Description |
|---|
--name <label> | | Human-readable label (prompted if omitted) |
--value <string> | | Credential value (skips discovery) |
--from-file <path> | | Path to a credentials file (skips discovery) |
--type <type> | oauth | oauth or api_key |
--value and --from-file are mutually exclusive.
list / delete
amika secret claude list # columns: ID, NAME, TYPE
amika secret claude delete <id>
amika secret codex list
amika secret codex delete <id>
SDK equivalents
// Generic
await amika.createSecret({ name, value, scope });
await amika.listSecrets();
await amika.updateSecret(id, { value });
// Provider ("claude" or "codex")
await amika.createProviderSecret("claude", { name, value, type: "oauth" });
await amika.listProviderSecrets("claude");
await amika.deleteProviderSecret("claude", id);
