Introduction
Laravel Cloud’s Secrets Manager allows you to define encrypted secrets at the organization level and link them to one or more environments. This is useful for values that are shared across environments, such as third-party API tokens, GitHub tokens, Cloudflare credentials, or other sensitive configuration. Unlike custom environment variables, secrets are managed centrally. When a shared value changes, you can update it once and then redeploy the environments that use it, rather than copying the value into each environment individually. Laravel Cloud injects secrets into your application as environment variables during deployment. After you save a secret, Laravel Cloud will not show its value in the dashboard.Creating secrets
To create a secret, navigate to your organization’s dashboard and click “Settings > Secrets”. Then, click New secret. Each secret has a key, value, and optional notes. Secret keys must start with a letter or underscore and may only contain letters, numbers, and underscores. For example:Managing secrets
To edit a secret, navigate to “Settings > Secrets” and select the secret from the list. You may update its value, notes, or linked environments.Secret values are write once, read never. When editing a secret, Laravel Cloud does not show the existing value. To rotate a secret, enter a new value and save your changes.
Linking secrets to environments
A secret affects an environment only after you link it. To link secrets from an environment, open the environment’s general settings, scroll to the injected variables section, and click Link secrets. From the link secrets dialog, you may select one or more organization secrets to attach to the environment. Environments have a hard limit of 30 linked secrets. Saving the selection updates the environment’s linked secrets, but your application receives the new values after you deploy the environment again. When a secret is linked to an environment, Laravel Cloud shows that a shared secret is attached, but it does not display the secret value.Deploying changes
Laravel Cloud decrypts and injects secrets during deployment. After creating, updating, linking, unlinking, or deleting a secret, redeploy each affected environment for the change to take effect. If you link a secret to several environments, redeploy each environment before the updated value is available there.Variable precedence
Laravel Cloud merges secrets into the environment variables generated for a deployment. If a custom environment variable and a linked secret use the same key, the custom environment variable takes priority.Custom environment variables take priority over linked secrets and automatically injected environment variables.

