Applies to: Katapult customers. If your organization does not use Katapult, you can skip this article.
In this guide
Do this first. Who: Org Admin.
The secrets vault is where you store the credential that lets Cloneable connect to your Katapult account. Storing this key is the very first thing to do when you get into a new organization, because nothing else in the Katapult round trip can happen until it is in place.
What a secret is, and which ones you need
A "secret" is a sensitive value (like an API key) that Cloneable stores safely and never shows back to you once saved. For the Katapult connection there are two:
Your Katapult API key (required). This is the credential that lets Cloneable talk to your Katapult account to import jobs and export data back. Every Katapult customer needs this.
Your private Katapult domain address (only some customers). If your organization runs Katapult on its own private or self-hosted address rather than the standard Katapult site, Cloneable needs to know that address. If you use the standard Katapult site, you can skip this one. If you are not sure, ask whoever manages Katapult for your organization, or ask Cloneable.
Where the secrets vault lives
Open Settings, then Secrets Vault. (You can also reach it from the menu under your name at the bottom of the left sidebar.) The Secrets Vault is visible to Org Admins.
On the page you will see the heading Secrets Vault, a short line explaining that secrets are stored securely for use in triggers and workflows, a Create Secrets button, and a table listing any secrets you already have (with their name, description, and when they were created). Secrets are grouped under two tabs, Platform Secrets and Trigger Secrets; your Katapult key is a platform secret.
How to add your Katapult key
Click Create Secrets, then Add Platform Secrets.
In the "Select Platform" chooser, pick Katapult. The name of the secret is filled in for you and cannot be changed.
Paste your Katapult API key into the value field (it behaves like a password field and is masked).
Click Save All Secrets. The save button becomes available once every secret you are adding has both a name and a value.
If your organization is on a private Katapult domain, the domain address is stored as a second secret, and Cloneable sets this one up for you. You do not need to add it yourself: ask Cloneable (or whoever manages your Katapult connection) to add your private Katapult domain address, then confirm it is in place.
Getting the key from Katapult. The API key comes from your Katapult account, not from Cloneable. In Katapult, open the Apps menu in the top right, go to Home, and find the API key section, where you can copy an existing key or generate a new one. If there is no API key section, your Katapult account does not have API access turned on; you request that from Katapult, since Cloneable cannot enable it for you.
If your key stops working. If your key ever stops working (for example, if it was regenerated in Katapult, or your organization moved to a different Katapult server), you update it here in the same place.
A second way in
You do not strictly have to visit Settings first. The first time someone creates a Katapult job, the job setup includes a Connect to Katapult step with a field labeled "Katapult API Key" and instructions for getting it from Katapult. Entering it there saves the same secret. Either path works; the Secrets Vault is simply the dedicated home for it.
Security notes
Secrets are stored encrypted and are never displayed back after you save them. If you need to change one, you overwrite it with a new value.
Treat your Katapult API key like a password. Anyone with it can act against your Katapult account.
Setting the Katapult key is a customer task, done by your Org Admin. Cloneable does not need you to email the key anywhere; you enter it directly in the vault.
