> ## Documentation Index
> Fetch the complete documentation index at: https://beta-docs-prod.indices.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Secrets

The Indices platform can perform actions on authenticated endpoints, including those with multi-factor authentication (MFA) or OAuth flows.

You'll need to create a 2FA device for Indices, or give it the secret key of an existing device. Also, when automating on platforms like Twitter that require email 2FA on all logins by default, setup a new TOTP 2FA device so Indices can automatically complete the login flow.

## Creating secrets

On the [Secrets](http://platform.indices.io/secrets) page, you can store credentials on the platform. You can create:

* Login secrets: username and password, with optional TOTP 2FA
* Value secrets: API keys, tokens, and other credential values

### Setting up 2FA

When registering a new 2FA device in a service's dashboard, you'll typically see both a QR code and a text key like `CLAH6OEOV52XVYTKHGKBERP42IUZHY4D`.

If only the QR code is visible, use a [QR code reader](https://scanqr.org/) to view the URL, which looks like:

```
otpauth://totp/Service%20Name:test@example.com?secret=CLAH6OEOV52XVYTKHGKBERP42IUZHY4D&issuer=Example%20Service
```

Copy the secret value and paste it into the Indices dashboard. With this secret, the platform can generate 2FA codes to authenticate on your behalf.

### Best practices

* If the service supports multiple 2FA devices, register an additional device alongside your existing one
* If only one device is allowed, store the secret in your password manager as well. Multiple applications can use the same secret key

**Note on 2FA types:** Indices supports TOTP (Time-based One-Time Password), the most common 2FA method. Setup flows for "Google Authenticator", "Microsoft Authenticator" and similar apps all use TOTP and will work with Indices. We do not support SMS 2FA.

## Using secrets in tasks

### During task creation

When creating a task, simply add the secrets needed to perform the task.

For example, if your task is "Retrieve a list of checked-in customers from the hotel management system", you would select the login secret for that system during creation.

### During runs

After task creation, you can view which secrets the task uses.

Each secret is assigned a descriptive slot name (e.g. `MANAGEMENT_LOGIN`). When running a task, you can change which credentials to use by binding a different secret to this slot:

* **In the API:** Use the secret\_bindings parameter when creating a run
* **In the dashboard:** You'll be prompted to select which secret to use in the "Run" dialog

This allows you to reuse the same task with different credentials across runs.

<Note>
  **Example:** You create a task to retrieve checked-in customers from your Hotel Management System and provide your credentials during creation.

  After creation, you see the task uses a slot named `MANAGEMENT_LOGIN`.
  At runtime, you can switch to different credentials by updating the secret bindings:

  ```json theme={null}
  {
    "secret_bindings": {
      "MANAGEMENT_LOGIN": "01705c81-f7e1-4fa6-b8c6-bc525b8885f3"
    }
  }
  ```
</Note>

## Security

Secrets are encrypted at rest and in transit.
