A Secret Key is a server-side API credential provided by Stripe that grants full access to your account’s sensitive data and functionality, such as creating charges, issuing refunds, and modifying account settings. In apps like Charge for Stripe, this key is used securely in the background to execute your commands. It must remain confidential and never be exposed in client-side code (like a website’s HTML).
FAQs:
- What should I do if my Secret Key is compromised?
You must “roll” (regenerate) the key immediately in the Stripe Dashboard. This invalidates the old key and requires you to update any apps or servers using it.
- Can I have multiple Secret Keys?
Yes, you can generate multiple keys for different systems, though using Restricted Keys is often safer for specific tasks.
- Does the Secret Key start with “sk_”?
Yes, Stripe Secret Keys typically begin with sk_live_ (for live mode) or sk_test_ (for test mode).
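The check below is an added example, not code from Stripe or Charge for Stripe: a pre-deploy scan that uses the sk_live_ / sk_test_ prefixes to catch a Secret Key in files that would ship to the browser. The file names, sample keys, the 16-character minimum length, and the blocking policy are assumptions made for the example.

```python
import re

# Prefixes come from this page; the 16-character minimum body length is an
# assumption to reduce false positives, not a documented key format.
SECRET_KEY_RE = re.compile(r"\bsk_(live|test)_[A-Za-z0-9]{16,}")
CLIENT_SIDE_SUFFIXES = (".html", ".htm", ".js", ".jsx", ".ts", ".tsx")

def redact(key):
    """Keep the mode prefix and last 4 characters so findings are safe to log."""
    prefix_end = key.index("_", 3) + 1
    return key[:prefix_end] + "..." + key[-4:]

def scan_text(path, text):
    """Return one finding per secret-key-shaped string in a file's text."""
    client_side = path.lower().endswith(CLIENT_SIDE_SUFFIXES)
    return [
        {"path": path, "line": lineno, "mode": m.group(1),
         "key": redact(m.group(0)), "client_side": client_side}
        for lineno, line in enumerate(text.splitlines(), start=1)
        for m in SECRET_KEY_RE.finditer(line)
    ]

def scan_bundle(files):
    """files maps path -> text. Returns (findings, block_deploy)."""
    findings = [f for path, text in files.items() for f in scan_text(path, text)]
    # Example policy (an assumption): a live key anywhere, or any secret key
    # in a client-side file, blocks the deploy.
    block = any(f["mode"] == "live" or f["client_side"] for f in findings)
    return findings, block

# Constructed sample input; these are not real keys.
FAKE_LIVE = "sk_live_" + "EXAMPLE" * 3 + "0001"
FAKE_TEST = "sk_test_" + "EXAMPLE" * 3 + "0002"
SAMPLE_FILES = {
    "public/checkout.html": '<script>\nconst key = "%s";\n</script>' % FAKE_LIVE,
    "public/app.js": 'const pk = "pk_test_%s";\nfetch("/charge", {headers: {Authorization: "Bearer %s"}});' % ("EXAMPLE" * 3, FAKE_TEST),
    "server/charge.py": 'import os\nkey = os.environ["STRIPE_SECRET_KEY"]',
}

if __name__ == "__main__":
    findings, block = scan_bundle(SAMPLE_FILES)
    for f in findings:
        print(f)
    print("block deploy:", block)
```

A key found this way has already been exposed to anyone who can read the file, so roll it in the Stripe Dashboard rather than only deleting the line.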
Related Terms:
- API Keys
- Publishable Key
- Restricted Key
- API Security