Secrets interpolated into certain actions may appear in cleartext in Traffic Inspector when full capture mode is enabled
How it works
Vaults are secure containers that store your secrets. Each vault can contain multiple secrets, which are encrypted key-value pairs. Secrets are stored using AES-256 encryption at rest and transmitted over HTTPS with TLS 1.2+. When you reference a secret in a Traffic Policy, the value is evaluated at runtime and never persisted in policy documents or logs. The ngrok API never returns secret values in response payloads. Reference secrets in your Traffic Policy using thesecrets.get() macro:
Using vaults and secrets
To use secrets, you’ll need to create a vault to store them in. REST APIs are provided on the ngrok service for both Vaults and Secrets.Create a vault
Use the ngrok Agent CLI to create a vault:Create a secret
Create a secret within a vault using the vault ID:Common use cases for secrets
Basic authentication
Webhook verification
Audit events
Secrets and vaults emit the following audit events, all of which include the full resource details in the logs:Vault events
Secret events
Limits and pricing
Please contact support to configure limits for the PayGo plan.