Mechanic now supports shop-level globals and secrets.
Use globals for visible reusable values like API URLs, location IDs, thresholds, shared JSON settings, or other configuration that multiple tasks need.
Use secrets for sensitive strings like access tokens, signing keys, webhook tokens, private keys, or passwords. After a secret is saved, Mechanic does not show its raw value again.
Tasks can reference globals and secrets from Liquid:
{{ globals.api_base_url }}
{{ secrets.webhook_token }}
Task authors can also expose globals and secrets as task option inputs. Use
__global
and __secret
option types to let the person configuring a task choose from saved shop values instead of pasting raw values into the task.Secrets are intentionally not ordinary Liquid strings. They are only resolved in reviewed secret-aware places, including HTTP actions, FTP connection fields, OAuth flows, and signing filters.
The goal is simple: less duplication, safer credentials, and cleaner task configuration.
Learn more: