DocsAutomation

Secrets

Plexus keeps sensitive values out of plaintext config by storing them in your operating system's keystore.

Where secrets live

Secrets are written to the native credential store for your platform — never to Plexus's own config, database, or logs.

PlatformBacking store
macOSKeychain
WindowsCredential Manager
LinuxSecret Service (freedesktop keyring)

Write-only by design

Secrets support three operations: set a value, check whether one exists, and delete it. There is deliberately no read-back. Once a secret is stored, the interface can only confirm that a value is present or absent — it can never display, copy, or return it.

This is a security boundary, not a missing feature. Values stay inside the backend and the OS keystore; they never cross into the UI. To change a stored secret, set it again with a new value. To retire one, delete it.

How hooks use secrets

Your hooks run as shell commands, so they read whatever they need from their own environment and from the worktree — including environment files brought in by worktree.copyPaths (see Sessions & worktrees).

To protect your credentials, Plexus scrubs its own sensitive environment before spawning any hook child process. The Anthropic credentials Plexus uses to run Claude Code — ANTHROPIC_API_KEY and ANTHROPIC_AUTH_TOKEN — are always stripped, even if a hook tries to set them itself. This is automatic and unconditional.

Hooks otherwise inherit a normal environment (your PATH, HOME, and toolchain), so they can run the tools they need without ever seeing your agent credentials.

Repo-committed hooks in .plexus/hooks.json run with the same shell access you have. Treat a project's hooks as code you are about to execute: review them before enabling repo hooks on a repository you don't trust.