Secrets Connector
Route: /app-connectors/secrets
Route: /app-connectors/secrets
Purpose
Secrets Connector is a high-sensitivity placeholder for secret metadata, access policy previews, and future secure backend tool use.
Boundary
It is not a 1Password, Bitwarden, iCloud Keychain, password manager, encrypted vault, or secret storage product.
Current MVP UI
- Sensitive data warning.
- Provider cards for 1Password, Bitwarden, iCloud Keychain, and Local Vault placeholders.
- Secret category metadata, access policy mock, AI boundary panel, and future vault architecture note.
Mock Data Model
The UI uses safe category labels only: API Keys, App Tokens, SSH Keys, and Recovery Codes. It never stores or displays real values.
Future Connectors
Future work may add secure vault architecture, provider metadata adapters, backend-only secret use, audit logs, and confirmation flows.
Alma Capabilities
Alma must never read raw secrets. It may only request actions through scoped backend tools that use secrets without exposing values.
Permission Boundaries
Metadata, reveal, and use-secret actions are separate scopes. Reveal is disabled. Backend use requires secure infrastructure and confirmation.
Backend Status
No vault, encryption layer, secret storage, provider SDK, backend route, database schema, or localStorage secret storage exists.
Security And Privacy
Raw secrets must never enter model context, logs, localStorage, mock data, docs, screenshots, or client-side state.