> ## Documentation Index
> Fetch the complete documentation index at: https://docs.duvo.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Secret Management

> The three tiers for giving an agent access to an external system — Connections, Logins, and Secrets — how each protects the value, and how to choose the right one.

Duvo lets your agents work inside your systems without giving them the kind of blanket access a human has. Every credential your team connects is isolated, encrypted at rest, and scoped to the smallest slice of work it is needed for.

There are three ways to give an agent access to an external system. Each is a different trade-off between protection and flexibility. Use the most protected option available for the system you are connecting.

***

## The Three Tiers

### Tier 1 — Connections (maximum protection)

**What it is:** Duvo's hosted Connections, such as Gmail, Google Sheets, Slack, and HubSpot.

**How it works:** When you enable a Connection, Duvo stores the access token on our side, inside a dedicated, isolated service. Your agent never receives the raw token. When the agent needs to act — read a spreadsheet, send an email, post a message — it calls a tool, and Duvo uses the token to complete the action and returns only the result.

**Why it is the most protected:**

* The secret never leaves Duvo's infrastructure.
* The agent cannot see, log, or copy the token. It sees only the outcome of the call.
* Access is narrowly scoped to the specific tool the agent is allowed to use.

**Use it when:** the external system appears on the [Connections page](https://app.duvo.ai/integrations). If a Connection exists, use it.

***

### Tier 2 — Logins (balanced)

**What it is:** Saved website and application Logins (domain, username, password, optional two-factor code) used for browser automation and desktop sessions (Computer Use and Windows Remote Desktop).

**How it works:** When the agent needs to sign in to a website or application, the secure runtime — the browser sandbox or the desktop session — looks up the matching Login by domain and fills it in. The password and 2FA secret are decrypted only inside that runtime and are never included in the agent's reasoning context.

**Why it is well protected:**

* Encrypted at rest with AES-256.
* Passed directly to the browser or desktop session, not to the agent.
* Scoped to the exact domain it was saved for.

**Use it when:** the target system does not offer a Connection and the agent needs to drive a web UI or desktop application — an internal portal, a legacy app, or a SaaS product without a Duvo Connection.

For detailed steps on adding and managing Logins, see [Logins and Secrets](/user-guide/resources/my-logins).

***

### Tier 3 — Secrets (maximum agility)

**What it is:** Named bundles of environment variables (API keys, tokens, database URLs, or anything that fits in an environment variable) attached to an agent.

**How it works:** When a Run starts, Duvo decrypts the Secrets attached to that agent and injects them as environment variables into the secure sandbox where the Run executes. The agent can reference them from any code it executes during the Run.

**Why it is the most flexible:**

* Works with any third-party system that accepts a token or key.
* Lets agents call custom APIs, command-line tools, or internal services.
* Same encryption and access controls as the other tiers. The difference is that the value is available inside the sandbox for the duration of the Run.

**Use it when:**

* No Connection exists for the system and it is not a website.
* You need to call a custom API, a CLI, or an internal service.
* You accept that the agent will have access to the value during the Run. Duvo's guardrails instruct the agent to treat values as sensitive and never echo them back, but Tier 3 is inherently less isolated than Tier 1 or Tier 2.

For detailed steps on adding and managing Secrets, see [Logins and Secrets](/user-guide/resources/my-logins).

***

## Choosing the Right Tier

| Scenario                                                               | Recommended          |
| ---------------------------------------------------------------------- | -------------------- |
| Gmail, Slack, Google Sheets, HubSpot, and other supported services     | Tier 1 — Connections |
| A website the agent needs to log into and click through                | Tier 2 — Logins      |
| A custom API, CLI, or database credential with no Connection available | Tier 3 — Secrets     |

<Tip>
  **Rule of thumb:** if a Connection exists, use it. Reach for Logins or Secrets only when no Connection is available.
</Tip>

***

## Sharing and Ownership

Every Login and Secret is either personal or shared with the team:

* **Personal** Logins and Secrets belong to the user who created them. Other team members cannot see or use them.
* **Shared** Logins and Secrets are available to every agent in the workspace. Team members cannot view the values — only agents acting on behalf of the team can use them during a Run.

New Logins and Secrets are personal by default. You can share one with your team from its settings menu.

***

## How Secrets Are Protected

Regardless of tier:

* **Encrypted at rest** with AES-256, using keys managed by a cloud KMS.
* **Encrypted in transit** over TLS 1.2 or higher.
* **Access-controlled:** only your team and explicitly authorized agents can use them.
* **Not used for training:** credential values are never sent to a model provider for training. Anthropic traffic runs under Zero Data Retention.

For Duvo's broader security posture — governance, audits, monitoring, and incident response — see [Security & Privacy](/user-guide/resources/security-and-privacy).
