Skip to main content
Secret manages credentials Superserve attaches to outbound requests; Provider lists the built-in shortcuts. Python ships both sync (Secret, Provider) and async (AsyncSecret, AsyncProvider) variants with identical method names.

Import

import { Secret, Provider } from "@superserve/sdk"
The SDK reads SUPERSERVE_API_KEY from the environment by default; pass apiKey / api_key to override.

Factory methods

Secret.create

Create a secret. Provide either a provider shortcut or a custom auth config with hosts — they’re mutually exclusive. 
// Provider shortcut.
await Secret.create({ name: "openai-prod", value: key, provider: "openai" })

// Custom auth.
await Secret.create({
  name: "internal-api",
  value: token,
  hosts: ["api.internal.example.com"],
  auth: { type: "api-key", header: "X-Api-Key" },
})
Options:
OptionTypeDescription
namestringRequired. Unique secret name.
valuestringRequired. The credential. Encrypted on the platform; never returned.
providerstringA built-in shortcut (see Provider.list). Mutually exclusive with auth / hosts.
authSecretAuthCustom auth config. Requires hosts.
hostsstring[]Upstream hosts the credential may authenticate. Required with auth.
Returns a Secret.

Secret.get

Fetch an existing secret by name. Returns a Secret. 
const secret = await Secret.get("openai-prod")

Secret.list

List all secrets for the team. Returns an array of SecretInfo. 
const secrets = await Secret.list()

Secret.deleteByName / Secret.delete_by_name

Delete a secret by name. Idempotent. Revokes the secret everywhere immediately — bound stand-in tokens stop working. 
await Secret.deleteByName("openai-prod")

Methods on secret

rotate

Replace the value. Bound sandboxes keep their env var; the new value is used on subsequent requests. Returns the updated Secret. 
await secret.rotate(newValue)

getAudit / get_audit

Requests made with this secret, across all sandboxes, newest first. Returns an array of ProxyAuditEvent. 
const events = await secret.getAudit({ limit: 50, status: "4xx" })
OptionTypeDescription
limitnumberMax events to return.
beforenumberCursor — return events older than this event id.
status"2xx" | "3xx" | "4xx" | "5xx" | "errors"Filter by status class.

getSandboxes / get_sandboxes

Sandboxes this secret is currently bound to. Returns an array of SecretSandboxBinding. 
const bindings = await secret.getSandboxes()

getInfo / get_info · delete

getInfo() re-fetches the latest SecretInfo; delete() removes this secret (idempotent).

Provider.list

List the built-in provider shortcuts. Returns an array of ProviderShortcut. 
const providers = await Provider.list()

Types

SecretInfo

FieldType
idstring
namestring
authType / auth_type"bearer" | "basic" | "api-key" | "custom" | "per_host"
authConfig / auth_configRecord<string, unknown>
providerShortcut / provider_shortcutstring | undefined
hostsstring[]
createdAt / created_atDate / datetime
updatedAt / updated_atDate / datetime
lastUsedAt / last_used_atDate | undefined

ProviderShortcut

FieldType
namestring — pass as provider to Secret.create
displaystring
authType / auth_typeSecretAuthType
hostsstring[]
tokenShape / token_shapestring — e.g. "sk-ant-api03-..."

ProxyAuditEvent

FieldType
idnumber
tsDate / datetime
sandboxId / sandbox_idstring
sandboxName / sandbox_namestring | undefined
method · host · pathstring
statusnumber
upstreamStatus / upstream_statusnumber | undefined
latencyMs / latency_msnumber | undefined
errorCode / error_codestring | undefined

SecretSandboxBinding

FieldType
sandboxId / sandbox_idstring
sandboxName / sandbox_namestring
envKey / env_keystring
statusSandboxStatus
For the network log types (NetworkEvent, NetworkLogPage), see Sandbox.getNetworkLog.