Chilkat Secrets API
Unified, cross-platform secret management for passwords, tokens, and sensitive data.
What You Can Do
A simple, consistent API for all secret operations
- Create / Update secrets
- List all stored secrets
- Delete secrets
- Retrieve secret values
Where Secrets Can Live
One API — multiple storage backends
| Category | Storage Location |
|---|---|
| 💻 Local | Windows Credential Manager, Apple Keychain |
| ☁️ Cloud | AWS, Azure, IBM, Oracle, Doppler |
| ⚡ Dev / Runtime | In-memory |
Flexible Naming Model
Write once, works everywhere — no renaming needed
A secret name can include up to 4 components:
[appName] / service / [domain] / username
| Component | Required | Description |
|---|---|---|
| appName | No | Application identifier |
| service | Yes | Service name (e.g., OAuth2) |
| domain | No | Host or domain |
| username | Yes | User identity |
Components of a Secret Name
The components of a secret name (appName, service, domain, username) are simply a structured way to create a unique identifier—they don’t have fixed meanings. You can use them however you like to represent environments, systems, users, or anything else. Chilkat handles the formatting; your application defines the semantics.
For more information, see Components of a Chilkat Secret Name.
Example
{
"appName": "ChilkatTest",
"service": "OAuth2",
"domain": "office365.com",
"username": "joe@example.com"
}
Naming Variations
| Scenario | Result |
|---|---|
| All fields | app/service/domain/user |
| No appName | /service/domain/user |
| No domain | app/service/user |
| Required only | service/user |
Platform-Specific Behavior
Chilkat automatically adapts names for each provider
Windows Credential Manager
Uses Generic Credentials
ChilkatTest/OAuth2/office365.com/joe@example.com
- Only / and % are encoded
- Clean, readable naming
Apple Keychain
Splits into Service and Account
Service: ChilkatTest/OAuth2
Account: office365.com/joe@example.com
Logical separation of identity and purpose
AWS Secrets Manager
Strict ASCII-only naming
Chilkat automatically:
- Removes accents (é → e)
- Replaces invalid characters transparently
ChilkatTest/OAuth2/office365.com/joe@example.com
Azure Key Vault
- Only letters, numbers, and -
- Chilkat transforms invalid characters:
  - Uses - as separator
  - Encodes special characters (e.g., . → --DOT--)
ChilkatTest-OAuth2-office365--DOT--com-joe--AT--example--DOT--com
IBM Cloud Secrets Manager
Allows: letters, numbers, -, _, .
ChilkatTest-OAuth2-office365.com-joe--AT--example.com
Oracle Cloud Secrets
Only alphanumeric, -, _
ChilkatTest-OAuth2-office365--DOT--com-joe--AT--example--DOT--com
Doppler Secrets
Uppercase + underscores only
CHILKATTEST_OAUTH2_OFFICE365__DOT__COM_JOE__AT__EXAMPLE__DOT__COM
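The flattened cloud names shown above can be reproduced with a short Python sketch, which is useful for predicting the stored name when writing access policies or searching provider audit logs. This is an added illustration, not Chilkat's own code: it covers only the Azure, IBM, Oracle and Doppler rules and the two encodings (. and @) that appear on this page, and the function names, the skipping of omitted components and the rejection of any other character are assumptions.

```python
import re

# Per-provider rules read off the examples on this page: separator, extra
# allowed punctuation, and whether the result is upper-cased.
PROVIDERS = {
    "azure":   {"sep": "-", "extra": "-",   "upper": False},
    "ibm":     {"sep": "-", "extra": "-_.", "upper": False},
    "oracle":  {"sep": "-", "extra": "-_",  "upper": False},
    "doppler": {"sep": "_", "extra": "_",   "upper": True},
}
# Only these two encodings are shown on the page; others are not guessed.
TOKENS = {".": "DOT", "@": "AT"}


def canonical_name(service, username, app_name="", domain=""):
    """Slash-separated name, following the Naming Variations table."""
    if not service or not username:
        raise ValueError("service and username are required")
    if domain:
        # An empty appName leaves a leading slash: /service/domain/user
        return "/".join([app_name, service, domain, username])
    return "/".join(p for p in (app_name, service, username) if p)


def provider_name(provider, service, username, app_name="", domain=""):
    """Flattened name for a provider that forbids '/' in secret names."""
    rule = PROVIDERS[provider]
    sep = rule["sep"]
    allowed = re.compile("[A-Za-z0-9" + re.escape(rule["extra"]) + "]")

    def encode(component):
        out = []
        for ch in component:
            if allowed.fullmatch(ch):
                out.append(ch)
            elif ch in TOKENS:
                # e.g. '.' becomes --DOT-- (Azure) or __DOT__ (Doppler)
                out.append(sep * 2 + TOKENS[ch] + sep * 2)
            else:
                raise ValueError(f"no encoding shown on the page for {ch!r}")
        return "".join(out)

    # Assumption: omitted optional components are skipped when flattening.
    parts = [encode(p) for p in (app_name, service, domain, username) if p]
    name = sep.join(parts)
    return name.upper() if rule["upper"] else name
```

Called with the page's example components, `provider_name("azure", ...)` and the other three providers return the strings listed in the sections above.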
Bootstrap Secret
The key to accessing cloud secrets
Before accessing cloud secret managers, you need a bootstrap secret:
- Typically stored locally
- Used for authentication (e.g., OAuth2 token)
- Set via: SetBootstrapSecret
How It Fits Together
[Bootstrap Secret] → Authenticate → Access Cloud Secret Store → Manage Secrets
Key Advantages
Why use Chilkat Secrets?
- Portable naming across all providers
- Single API for local + cloud
- Automatic compliance with provider restrictions
- Zero friction switching between backends
Bottom Line
Write your code once — Chilkat handles the complexity everywhere else.