Working with Secrets

Every now and then we may want Devin to access a protected web resource. While Devin is working, it may ask you to provide credentials (API keys, logins, etc.) within the current conversation, like so…

Devin

Alternatively, you can set sessions secrets yourself:

Devin

Persisted Secrets

Other times you might prefer to store secrets that persist to future sessions.

This is now possible in the Settings & Library > Secrets! Note that any secrets you share here will be usable by Devin in all future Devin sessions within your organization. All secrets are encrypted at rest. New secrets are only available to Devin in sessions created after you added the secret.

There are 3 types of secrets available:

  1. Log in as you normally would to the account you’d like to share with Devin. This will generate cookie(s).

  2. Get the cookie(s) from the browser store:

    • Download the browser extension Share your cookies
    • (1) export the cookie using the extension (2) test that importing the cookie in another chrome profile works - meaning you become logged in after importing the cookie (3) add the cookie to the Secrets page

  3. When using cookies, Devin should find that it’s already logged in when it navigates to the site(s) that you provided cookies for. Tell Devin to give it a try!

One-Time Password

Devin can now handle two-factor authentication (2FA) using a one-time password (OTP). To do this, you’ll need to give Devin the information provided at the time 2FA is set up on Devin’s account for the specific application:

  1. Access Devin’s account for the service that requires 2FA.
  2. Go to the account security settings and look for an option to regenerate or view the QR code. This may be called Set up or Replace Authenticator.
  3. If the application allows, select the option to view the QR code.
  4. Once the QR code is displayed on your screen, take a screenshot to convert it into a data string using a tool like https://webqr.com/.
  5. Paste the generated data string into Devin’s Secrets.
Only provide 2FA codes associated with accounts that were specifically set up for Devin’s use only. We do not recommend giving Devin any 2FA codes to your personal accounts.

Tips

  • Some applications may not allow you to view the existing QR code once 2FA is enabled. In such cases, regenerating the QR code is the only option.
  • Always save any new backup codes provided during the process in a secure location.
Machine SnapshotsInteracting with Devin's Machine