Paperclip uses different secret classes for different trust boundaries. Keep them separate.

Secret Classes

1. Paperclip infra secrets

These are owned by the deployment, not by any company or provider integration.
  • BETTER_AUTH_SECRET
  • PAPERCLIP_AGENT_JWT_SECRET
  • PAPERCLIP_SECRETS_MASTER_KEY or PAPERCLIP_SECRETS_MASTER_KEY_FILE
  • DATABASE_URL
  • PORKBUN_API_KEY and PORKBUN_SECRET_API_KEY

2. Paperclip company secrets

These are encrypted at rest and stored in the Paperclip database as company-scoped secret refs.
  • LLM keys used by agents
  • service tokens used by adapters
  • any other runtime value that should rotate without editing code or compose files

3. Provider-connected-account auth

These are external account grants, refresh tokens, webhook credentials, or opaque connection IDs managed by the provider layer.
  • keep the provider grant with the provider or connector
  • keep only the reference or sync metadata in Paperclip, if Paperclip needs to know about the connection at all

Default Provider: local_encrypted

Secrets are encrypted with a local master key stored at: 
~/.paperclip/instances/default/secrets/master.key
This key is auto-created during onboarding and never leaves the machine unless you deliberately copy the instance.

Configuration

CLI Setup

Onboarding writes default secrets config: 
pnpm paperclipai onboard
Update secrets settings: 
pnpm paperclipai configure --section secrets
Validate secrets config: 
pnpm paperclipai doctor

Environment Overrides

VariableDescription
PAPERCLIP_SECRETS_MASTER_KEY32-byte key as base64, hex, or raw string
PAPERCLIP_SECRETS_MASTER_KEY_FILECustom key file path
PAPERCLIP_SECRETS_STRICT_MODESet to true to enforce secret refs

Strict Mode

When strict mode is enabled, sensitive env keys matching *_API_KEY, *_TOKEN, *_SECRET, *_PASSWORD, and similar patterns must use secret references instead of inline plain values. 
PAPERCLIP_SECRETS_STRICT_MODE=true
Recommended for any deployment beyond local trusted.

Agent Env Binding

Agent environment variables use secret references: 
{
  "env": {
    "ANTHROPIC_API_KEY": {
      "type": "secret_ref",
      "secretId": "8f884973-c29b-44e4-8ea3-6413437f8081",
      "version": "latest"
    }
  }
}
The server resolves and decrypts these at runtime, injecting the real value into the agent process environment.

Rotating Hosted Secrets

For hosted deployments:
  1. rotate infra secrets in the platform secret store
  2. rotate company secrets through the Paperclip secret API
  3. rotate provider-connected-account auth in the provider UI or connector control plane
Do not mix those three rotation paths.

Recovery Notes

  • If the master key file is missing in local dev, paperclipai doctor can recreate it.
  • If strict mode is off in a PostgreSQL deployment, Paperclip will warn rather than fail, but that is still a policy gap.
  • Never commit decrypted values or copied .env values into repo-managed config.