fatima

Per user secrets

Store values visible only to the user key that owns them.

Per-user secrets are Vault entries written while authenticated with a user key. They are visible to that user key and scoped to the environments that key can access.

Use per-user secrets for values that should not become shared project secrets, such as personal API tokens, developer-only credentials, or local overrides.

How they differ from project secrets

Secret typeWritten byVisible to
Project secretPassword-authenticated sessionPassword sessions and user keys scoped to the environment.
Per-user secretUser-key-authenticated sessionThe same user key for the scoped environment.

Per-user secrets are stored encrypted in the Vault file. They do not require adding a shared project secret.

API method

fatima api '{"method":"vault.setUserSecret","params":{"key":"fatima_user_...","options":{"cwd":"."},"environment":"development","secretKey":"PERSONAL_TOKEN","value":"user-only-token"}}'

The method requires user-key authentication. Password-authenticated sessions cannot write per-user secrets.