Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.duvo.ai/llms.txt

Use this file to discover all available pages before exploring further.

Introduction

Assignments often need to access external websites and platforms, or call third-party APIs and services, as part of their automated workflows. Instead of including sensitive information directly in prompts—which would be insecure—the Logins and Secrets section provides a safe and encrypted way to manage this data.

What are Logins and Secrets?

The Logins and Secrets section can be found under the Resources area in the left sidebar. It stores two types of credentials your assignments can use:
  • Browser Logins — website credentials (domain, username, password, optional 2FA) for automated browser workflows
  • Secrets — named bundles of environment variables (API keys, tokens, database URLs) for automated code and API calls
Items are organized into two groups:
  • Team — shared across your workspace; all team members can use these in their assignments
  • Personal — only you can access these; not visible to other team members
All credentials are encrypted at rest and in transit using AES-256 encryption.

Adding a Browser Login

To add a browser login:
  1. Navigate to the Logins and Secrets section.
  2. Click Add item and select Browser Login.
  3. Enter the following details:
    • Domain: The website URL (e.g., example.com)
    • Username or Email: Your login username or email address
    • Password: Your account password
    • One-time password secret (optional): For 2FA-enabled accounts
    • Two-factor authentication (optional): Configure if needed
  4. Click Save Login.
When an assignment needs to log in to a site, it never directly accesses or “sees” the login. Instead, it calls a secure tool that fetches the correct login for the relevant domain and fills it in automatically. This ensures that sensitive data is never exposed in the assignment’s context window. Stored logins are also used automatically for HTTP Basic Auth — the browser-level username/password prompts that appear on some internal portals and enterprise web apps before the page loads.

Handling Two-Factor Authentication (2FA)

If 2FA is enabled for your account, there are two ways to set it up:

1. Using a One-time Password (OTP) Secret

You can manually enter your OTP secret key into the One-time password secret field. This secret allows the system to generate time-based one-time passwords (TOTPs) automatically whenever your assignment logs in.

2. Importing from Google Authenticator

If your 2FA codes are already managed through Google Authenticator, you can easily import them using the Import from Authenticator feature. To do this:
  1. Choose Import from Authenticator.
  2. Follow the step-by-step tutorial to export your codes from the Google Authenticator app.
    • Open Google Authenticator
    • Tap the three dots menu
    • Select “Transfer accounts” → “Export accounts”
    • Select the accounts to export
    • A QR code will be displayed
  3. Once the tutorial is complete (or skipped), you’ll be prompted to either:
    • Scan QR Code: Use your device camera to scan the QR code from Google Authenticator
    • Enter Secret Manually: Type the secret key if you have it
  4. Click Import to finalize.

Adding a Secret

Secrets are named bundles of environment variables — API keys, tokens, connection strings, or any value your assignment needs to call a service or run code. To add a secret:
  1. Navigate to the Logins and Secrets section.
  2. Click Add item and select Secret.
  3. Enter a Title — a short name that identifies what this secret is for (e.g., Stripe API, Internal DB).
  4. Add one or more key-value pairs:
    • Key: The environment variable name (e.g., STRIPE_API_KEY). Must follow standard environment variable naming — uppercase letters, digits, and underscores.
    • Value: The secret value (e.g., the API key itself).
  5. Choose whether to share with your team.
  6. Click Save.
When a Job starts, Duvo decrypts the secrets attached to that assignment and injects them as environment variables into the secure sandbox. The assignment can reference them from any code it runs during the Job. Secret values are write-only — once saved, you can view the key names but not the values. To update a value, open the secret, enter a new value for that key, and save.

Using Logins and Secrets in the Assignment Builder

Once you have added logins and secrets, you can attach specific ones to an assignment so they are available when it runs. In the Assignment Builder, a Logins and Secrets section appears in the builder header alongside Connections and Files. Use it to select which logins and secrets should be available to that assignment:
  1. Open your assignment in the builder.
  2. In the Logins and Secrets section of the builder header, click the plus button.
  3. Select the logins (by domain) and secrets (by name) you want to attach.
  4. Click Confirm to save your selection.
The selected logins and secrets are shown as pills in the builder header. The assignment will have access to them during any Job it runs.

Security

All logins and secrets are:
  • Encrypted at rest with AES-256, using keys managed by a cloud KMS.
  • Encrypted in transit over TLS 1.2 or higher.
  • Access-controlled: only your team and explicitly authorized assignments can use them.
  • Not used for training: credential values are never sent to a model provider for training.
Passwords and secret values are never saved in plaintext, and assignments cannot read or retrieve raw credential values directly. For a full overview of the credential security model and how to choose between Connections, Logins, and Secrets, see Secret Management.