Vault

The Vault stores reusable values your configurations need — sensitive ones as secrets, plain ones as variables — so they live in one managed place instead of being scattered (and exposed) across your YAML.

Open Vault from the app navigation. It has two sections:

Variables

Variables are plain, reusable values — endpoints, service names, environment names, and similar. Manage them in the Variables section: add, edit, and remove entries.

Reference a variable from any configuration field with:

$var:NAME

For example, $var:PROD_OTLP_ENDPOINT. On export, variables are substituted directly into the configuration.

Secrets

Secrets hold sensitive values — API keys, passwords, tokens. They're stored encrypted and are never written in plaintext into your configurations. Manage them in the Secrets section.

Reference a secret with:

$secret:NAME

For example, $secret:GRAFANA_API_KEY. On export, a secret becomes an environment-variable reference (e.g. ${NAME}) rather than the literal value, so the real secret stays out of the YAML, out of shared links, and out of version history.

The Secrets section is rolling out and may not be visible on every account yet. Variables are available to everyone.

Why use the vault

• Keep secrets out of configs. Shared/public configurations and published versions never contain real credentials.
• Reuse values. Change an endpoint once and every config that references it follows.
• Safer AI and sharing. Referencing $secret:/$var: keeps sensitive values out of AI prompts and shared configurations.

Using vault references

You can type a $secret:NAME or $var:NAME reference into component fields in the configuration panel, and Telflo resolves it correctly when it generates and exports the YAML.