Skip to content
RoZod

Secrets Store (v1)

OpenCloud v1 reference for Secrets Store.

Base URL: https://apis.roblox.com

Endpoints

Section titled “Endpoints”
MethodPathName
POST/cloud/v2/universes/:universeId/secretspostCloudV2UniversesUniverseIdSecrets
GET/cloud/v2/universes/:universeId/secretsgetCloudV2UniversesUniverseIdSecrets
PATCH/cloud/v2/universes/:universeId/secrets/:secretIdpatchCloudV2UniversesUniverseIdSecretsSecretId
DELETE/cloud/v2/universes/:universeId/secrets/:secretIddeleteCloudV2UniversesUniverseIdSecretsSecretId
GET/cloud/v2/universes/:universeId/secrets/public-keygetCloudV2UniversesUniverseIdSecretsPublicKey

postCloudV2UniversesUniverseIdSecrets

Section titled “postCloudV2UniversesUniverseIdSecrets”

POST /cloud/v2/universes/:universeId/secrets

BETA Creates a new secret. A maximum of 500 secrets per universe is allowed. Only the owner of the universe can create secrets. For group-owned universes, only the group owner or authorized members can create secrets. To encrypt the secret: 1. Get the public key using the Get Public Key endpoint 2. Encrypt your secret using LibSodium sealed box 3. Base64 encode the encrypted content Include the key_id from the public key response in the request. For an example, see the Secrets store guide. Engine: Not available in-engine

Scopes: universe.secret:write

Usage 
import { fetchApi } from 'rozod';
import { postCloudV2UniversesUniverseIdSecrets } from 'rozod/lib/opencloud/v1/secrets-store';


const data = await fetchApi(postCloudV2UniversesUniverseIdSecrets, {
  universeId: /* integer */,
  body: { /* ... */ }
});

Parameters

Section titled “Parameters”
NameTypeRequiredDescription
universeIdintegerYesThe universe ID

Request Body

Section titled “Request Body”
FieldTypeDescription
idstring | null
secretstring | null
key_idstring | null
domainstring | null
create_timestring | null
update_timestring | null

Response

Section titled “Response”
FieldTypeDescription
idstring | null
secretstring | null
key_idstring | null
domainstring | null
create_timestring | null
update_timestring | null

Errors

Section titled “Errors”
StatusDescription
400Bad Request
403Forbidden
409Conflict

getCloudV2UniversesUniverseIdSecrets

Section titled “getCloudV2UniversesUniverseIdSecrets”

GET /cloud/v2/universes/:universeId/secrets

BETA Lists all secrets defined for a universe. Secret content is not returned for security reasons - only metadata such as ID, domain, creation and update timestamps are included. Only the owner of the universe can list secrets. For group-owned universes, only the group owner or authorized members can list secrets. Engine: Not available in-engine

Scopes: universe.secret:read

Usage 
import { fetchApi } from 'rozod';
import { getCloudV2UniversesUniverseIdSecrets } from 'rozod/lib/opencloud/v1/secrets-store';


const data = await fetchApi(getCloudV2UniversesUniverseIdSecrets, {
  universeId: /* integer */,
  limit: /* integer? = 10 */,
  cursor: /* string? */
});

Parameters

Section titled “Parameters”
NameTypeRequiredDescription
universeIdintegerYesThe universe ID
limitinteger? = 10NoNumber of secrets to return per page (1-500, default 10)
cursorstring?NoPagination cursor from previous response

Response

Section titled “Response”
FieldTypeDescription
secretsobject[] | nullSee below
nextPageCursorstring | null
previousPageCursorstring | null

secrets[] item fields:

FieldTypeDescription
idstring | null
secretstring | null
key_idstring | null
domainstring | null
create_timestring | null
update_timestring | null

Errors

Section titled “Errors”
StatusDescription
400Bad Request
403Forbidden

patchCloudV2UniversesUniverseIdSecretsSecretId

Section titled “patchCloudV2UniversesUniverseIdSecretsSecretId”

PATCH /cloud/v2/universes/:universeId/secrets/:secretId

BETA Updates an existing secret. Only the owner of the universe can update secrets. For group-owned universes, only the group owner or authorized members can update secrets. Only the secret content, key_id, and domain can be updated - the secret ID cannot be changed. To encrypt the updated secret: 1. Get the current public key using the GetPublicKey endpoint 2. Encrypt your new secret content using LibSodium sealed box 3. Base64 encode the encrypted content Include the key_id from the public key response in the request. For an example, see the Secrets store guide. Engine: Not available in-engine

Scopes: universe.secret:write

Usage 
import { fetchApi } from 'rozod';
import { patchCloudV2UniversesUniverseIdSecretsSecretId } from 'rozod/lib/opencloud/v1/secrets-store';


const data = await fetchApi(patchCloudV2UniversesUniverseIdSecretsSecretId, {
  universeId: /* integer */,
  secretId: /* string */,
  body: { /* ... */ }
});

Parameters

Section titled “Parameters”
NameTypeRequiredDescription
universeIdintegerYesThe universe ID
secretIdstringYesThe ID of the secret to update

Request Body

Section titled “Request Body”

All fields are optional (PATCH partial update)

FieldTypeDescription
idstring | null
secretstring | null
key_idstring | null
domainstring | null
create_timestring | null
update_timestring | null

Response

Section titled “Response”
FieldTypeDescription
idstring | null
secretstring | null
key_idstring | null
domainstring | null
create_timestring | null
update_timestring | null

Errors

Section titled “Errors”
StatusDescription
400Bad Request
403Forbidden
404Not Found

deleteCloudV2UniversesUniverseIdSecretsSecretId

Section titled “deleteCloudV2UniversesUniverseIdSecretsSecretId”

DELETE /cloud/v2/universes/:universeId/secrets/:secretId

BETA Permanently deletes a secret from a universe. Only the owner of the universe can delete secrets. For group-owned universes, only the group owner or authorized members can delete secrets. This operation is irreversible. Make sure you no longer need the secret before deleting it. Engine: Not available in-engine

Scopes: universe.secret:write

Usage 
import { fetchApi } from 'rozod';
import { deleteCloudV2UniversesUniverseIdSecretsSecretId } from 'rozod/lib/opencloud/v1/secrets-store';


const data = await fetchApi(deleteCloudV2UniversesUniverseIdSecretsSecretId, {
  universeId: /* integer */,
  secretId: /* string */
});

Parameters

Section titled “Parameters”
NameTypeRequiredDescription
universeIdintegerYesThe universe ID
secretIdstringYesThe ID of the secret to delete

Response

Section titled “Response”

Type: unknown

Errors

Section titled “Errors”
StatusDescription
400Bad Request
403Forbidden
404Not Found

getCloudV2UniversesUniverseIdSecretsPublicKey

Section titled “getCloudV2UniversesUniverseIdSecretsPublicKey”

GET /cloud/v2/universes/:universeId/secrets/public-key

BETA Retrieves the public key for a universe. You need this key to encrypt secret content before sending it to Roblox. Only the owner of the universe can retrieve the public key. For group-owned universes, only the group owner or authorized members can retrieve the public key. The secret id field is static and always returns “public-key”. The returned public key in the secret field is universe-specific and derived from a master key using the universe ID. Use this key with LibSodium sealed box encryption to encrypt your secret content before creating or updating secrets. Include the key_id from the public key response in the request to create or update a secret. Engine: Not available in-engine

Scopes: universe.secret:read

Usage 
import { fetchApi } from 'rozod';
import { getCloudV2UniversesUniverseIdSecretsPublicKey } from 'rozod/lib/opencloud/v1/secrets-store';


const data = await fetchApi(getCloudV2UniversesUniverseIdSecretsPublicKey, {
  universeId: /* integer */
});

Parameters

Section titled “Parameters”
NameTypeRequiredDescription
universeIdintegerYesThe universe ID

Response

Section titled “Response”
FieldTypeDescription
idstring | null
secretstring | null
key_idstring | null
domainstring | null
create_timestring | null
update_timestring | null

Errors

Section titled “Errors”
StatusDescription
400Bad Request
403Forbidden