Creating Secrets

Warning:

Do not use sensitive or private information in any of the informational fields in the UI. This information is visible to other users.

You can store, manage, and reference API secrets securely in NetSuite at Setup > Company > Preferences > API Secrets. You can then reference these secrets in third-party integrations, which avoids the need for plaintext secrets in scripts. API secrets include hashes, passwords, keys, and other secrets for managing digital authentication credentials. Secrets up to 1,000,000 characters are accepted.

Tip:

Take note of your old and new passwords. It can take up to one hour for the new password to be updated. When you have secrets for SFTP username and password, the old username and password must remain functional for at least one hour after secrets for the new username and password are entered.

To create a secret:

  1. Go to Setup > Company > Preferences > API Secrets.

  2. At the top of the page, click Create New.

  3. In the Create New Secret window, on the Details tab, enter a descriptive name for this secret in the Name field. Do not use sensitive or private information. It is shown on the list of API Secrets.

  4. In the ID field, enter a script ID for this secret. The ID of the secret lets you access it using SuiteScript. You should make this a descriptive ID with no spaces or special characters. NetSuite prefixes the script ID with 'custsecret'. Do not use sensitive or private information in this field. It is shown on the list of API Secrets.

  5. Either type the secret into the Password field, or load it from a file. Multi-line secrets must be loaded from a file.

  6. Enter your password again in the Confirm Password field.

  7. (Optional) Check the Expiration Warning box if you want a warning to be displayed in the UI when the secret is nearing the expiration date.

  8. In the Description field, enter a description of this secret. Do not use sensitive or private information. It is shown on the list of API Secrets.

  9. (Optional) On the Restrictions tab, check the Available To SuiteApp box to reference this secret from a specified SuiteApp; the secret is also created in the shared database and can be distributed with the SuiteApp.

    1. In the SuiteApp ID field, enter the SuiteApp that is allowed to reference the secret. You can specify only one SuiteApp.

    2. In the Allow On Test Accounts field, enter account numbers that are allowed to reference the secret even if it is not included in a SuiteApp installed from the SuiteApp Marketplace. Separate multiple accounts with a comma.

  10. (Optional) If you do not check the Available To SuiteApp box:

    1. In the Restrict to Employees field, select the users that are allowed to reference the secret using SuiteScript.

  11. In the Owners field, select the users that are allowed to access and manage the secret.

  12. Check the Allow For All Scripts box to allow any script in this account to access this secret using SuiteScript 2.x. If you clear this box, you must list the script IDs of the scripts that should have access in the Restrict To Scripts field.

  13. In the Restrict To Scripts field, enter the script IDs that are allowed to reference the secret. Separate multiple script IDs with a comma.

  14. Check the Allow For All Domains box to allow this decrypted secret to be sent to any domain. If you clear this box, you must list the domains that should have access in the Restrict To Domains field.

  15. In the Restrict To Domains field, enter the domains where decrypted passwords can be sent (applicable to SFTP and HTTPS only). Separate multiple domains with a comma. If you do not intend to use the secret with SFTP or HTTPS, consider adding an invalid domain to prevent the decrypted version of the secret from being sent or shared.

  16. Click Save.
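
One way to check a planned secret's settings against the rules in the steps above before entering them in the UI. This is an added example, not NetSuite code: the cfg field names are hypothetical, the sample values are constructed, and reading "no spaces or special characters" as letters, digits and underscores is an assumption.

```javascript
// Added example: `cfg` field names are hypothetical, not a NetSuite API.
const MAX_SECRET_LENGTH = 1000000; // limit stated on this page
const splitList = (s) => (s || '').split(',').map((x) => x.trim()).filter(Boolean);

function reviewSecretConfig(cfg) {
  const findings = [];
  const secret = cfg.secret || '';
  // Assumption: "no spaces or special characters" means letters, digits, underscores.
  if (!/^[A-Za-z0-9_]+$/.test(cfg.id || '')) {
    findings.push('ID: use only letters, digits and underscores');
  }
  if (secret.length > MAX_SECRET_LENGTH) {
    findings.push('Secret: longer than 1,000,000 characters');
  }
  if (/[\r\n]/.test(secret) && !cfg.loadedFromFile) {
    findings.push('Secret: multi-line secrets must be loaded from a file');
  }
  // Name, ID and Description are shown on the list of API Secrets.
  for (const field of ['name', 'id', 'description']) {
    if (secret && (cfg[field] || '').includes(secret)) {
      findings.push(`${field}: contains the secret value`);
    }
  }
  if (cfg.availableToSuiteApp && splitList(cfg.suiteAppId).length !== 1) {
    findings.push('SuiteApp ID: specify exactly one SuiteApp');
  }
  if (cfg.allowForAllScripts) {
    findings.push('Scripts: any script in this account can access the secret');
  } else if (splitList(cfg.restrictToScripts).length === 0) {
    findings.push('Scripts: Restrict To Scripts must list script IDs');
  }
  if (cfg.allowForAllDomains) {
    findings.push('Domains: the decrypted secret can be sent to any domain');
  } else if (splitList(cfg.restrictToDomains).length === 0) {
    findings.push('Domains: Restrict To Domains must list domains');
  }
  return findings;
}

// Constructed sample settings: a loose configuration and a restricted one.
const loose = { name: 'SFTP login', id: 'sftp vendor!', description: 'Vendor SFTP',
  secret: 'line-one\nline-two', loadedFromFile: false,
  allowForAllScripts: true, allowForAllDomains: false, restrictToDomains: '' };
const restricted = { name: 'SFTP login', id: 'sftp_vendor', description: 'Vendor SFTP',
  secret: 'constructed-sample-value', allowForAllScripts: false,
  restrictToScripts: 'customscript_sftp_upload',
  allowForAllDomains: false, restrictToDomains: 'sftp.example.com' };
console.log(reviewSecretConfig(loose));      // four findings
console.log(reviewSecretConfig(restricted)); // no findings
```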
