# What counts as a secret?

<h2 align="center"><sub>This page means</sub></h2>

<table><thead><tr><th width="357">A secret here</th><th>Not a secret in this sense</th></tr></thead><tbody><tr><td><sub>Anything that lets a third party bill you, read mail, write repos, or act as your bot</sub></td><td><sub>Public URLs, doc links, or your own marketing copy</sub></td></tr><tr><td><sub>API keys, tokens, PATs, integration secrets, webhook signing secrets</sub></td><td><sub>The fact that you <em>use</em> Stripe or Notion (that is not private)</sub></td></tr></tbody></table>

<h2 align="center"><sub>The list (memorize the shape, not every prefix)</sub></h2>

{% stepper %}
{% step %} <sub>**Integration secrets**</sub>

<sub>In</sub> <sub></sub><sub>**Settings**</sub> <sub></sub><sub>for Serper, Firecrawl, GitHub, Vercel, Neon, Stripe, Telegram, Resend, Notion, Claude, E2B, and similar.</sub>
{% endstep %}

{% step %} <sub>**Session & identity**</sub>

<sub>Material tied to</sub> <sub></sub><sub>*your*</sub> <sub></sub><sub>sign-in (password manager entries, recovery codes). Those live with your identity provider habits, not inside ARIA tables.</sub>
{% endstep %}

{% step %} <sub>**Labels**</sub>

<sub>**Anything labeled “secret,” “private,” “internal integration,” or “signing”**</sub> <sub></sub><sub>in a vendor console.</sub>
{% endstep %}
{% endstepper %}

<h2 align="center"><sub>Three Habits</sub></h2>

{% stepper %}
{% step %} <sub>**First**</sub>

<sub>If you are unsure, treat it as a secret. Downgrading later is easier than unwinding a paste into a shared doc.</sub>
{% endstep %}

{% step %} <sub>**Second**</sub>

<sub>Prefer</sub> <sub></sub><sub>**Test**</sub> <sub></sub><sub>in the product over “I will curl it from my laptop” when you want proof. Tests are designed to exercise the same server path the app uses.</sub>
{% endstep %}

{% step %} <sub>**Third**</sub>

<sub>**`Remove`**</sub> <sub></sub><sub>button in ARIA deletes the stored value from this workspace’s integration store. It does</sub> <sub></sub><sub>**not**</sub> <sub></sub><sub>revoke the key at the vendor. Rotation happens in the vendor console first.</sub>
{% endstep %}
{% endstepper %}

***

<h2 align="center"><sub>Ask a question</sub></h2>

<p align="center"><sub><strong>Where did you paste a key “just to try”?</strong></sub> <br><sub>If the answer is a chat tool, rotate at the vendor and re-save in Settings after.</sub></p>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ariaagi.com/security-and-privacy/what-counts-as-a-secret.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.