update Open Source Docs from Roblox internal teams

rbx-open-source-docs[bot] · rbx-open-source-docs[bot] · commit d30724a62f7f · 2025-08-21T22:05:57.000Z
diff --git a/content/common/navigation/cloud/guides.yaml b/content/common/navigation/cloud/guides.yaml
@@ -16,6 +16,8 @@ navigation:
         path: /cloud/guides/data-stores/throttling
   - title: Assets
     path: /cloud/guides/usage-assets
+  - title: Secrets stores
+    path: /cloud/guides/secrets-store
   - title: User inventories
     path: /cloud/guides/inventory
   - title: Engine instances
diff --git a/content/common/navigation/cloud/reference.yaml b/content/common/navigation/cloud/reference.yaml
@@ -112,6 +112,8 @@ navigation:
         path: /cloud/api/localization
       - title: Publish
         path: /cloud/api/publish
+      - title: Secrets store service
+        path: /cloud/api/secrets-store
       - title: Toolbox service
         path: /cloud/api/toolbox-service
   - title: Open Cloud v2
diff --git a/content/en-us/assets/audio/audio-objects/US-Female-Voice-2.wav b/content/en-us/assets/audio/audio-objects/US-Female-Voice-2.wav
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:4f53a5b60e01c8210537057a0f48cd122e76a7b868d35a5e34ed684467da098f
-size 211244
+oid sha256:a6d434149dbceea91d5cce6864ce40554ce11c12ba18b33d033192de8b32d801
+size 264078
diff --git a/content/en-us/assets/audio/audio-objects/US-Male-Voice-2.wav b/content/en-us/assets/audio/audio-objects/US-Male-Voice-2.wav
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:fdc0c107efb1b394b51b5fe7464e7a806a3f0293e95eb8fa40ed3cf17f87d8ae
-size 211244
+oid sha256:ff70b05255636a00875a98dcf554dac6d4133fc142ec0b0e1a69d7fc9f30801e
+size 262478
diff --git a/content/en-us/cloud/guides/secrets-store.md b/content/en-us/cloud/guides/secrets-store.md
@@ -0,0 +1,74 @@
+---
+title: Secrets stores
+description: Covers usage for the Secrets store API.
+---
+
+In addition to [managing your secrets within experiences](../../cloud-services/secrets.md), you can manage secrets using the Open Cloud secrets store API.
+
+Before using the API, you must [generate an API key](../auth/api-keys.md) with the `secret-store` API system or [configure your OAuth 2.0 app](../auth/oauth2-overview.md) with the `universe.secret` scope type. The examples on this page use API keys.
+
+## Secret encryption
+
+When creating or updating secrets on Roblox, you must encrypt secrets with a [LibSodium sealed box](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes) and your experience's public key, and then base64-encode the result.
+
+First, get your experience's public key:
+
+```bash
+curl --location 'https://apis.roblox.com/cloud/v2/universes/{universeId}/secrets/public-key' \
+--request GET \
+--header 'x-api-key: <your-secret-here>' \
+```
+
+Next, create a sealed box and base64-encode it. The example below uses Python and [PyNaCl](https://pynacl.readthedocs.io/en/latest/public/#nacl-public-sealedbox). (Run `pip install pynacl` to install it locally).
+
+```python
+from base64 import b64encode
+from nacl import encoding, public
+
+public_key = "Zgj4+V7vSaEZ06rXazKJUIcUnVa95tUNiwXAif/vdHo="
+secret_content = "my_api_key_content"
+public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
+sealed_box = public.SealedBox(public_key)
+encrypted = sealed_box.encrypt(secret_content.encode("utf-8"))
+print(b64encode(encrypted).decode("utf-8"))
+```
+
+You can then create or update a secret using the output. This example creates a new secret:
+
+```bash
+curl --location 'https://apis.roblox.com/cloud/v2/universes/6930499524/secrets' \
+--request POST \
+--header 'Content-Type: application/json' \
+--header 'x-api-key: <your-secret-here>' \
+--data '{
+    "id": "mySecret",
+    "secret": "fP9scJkcDk492F4c1VHZ5QS8v2qsAg7uI+NVVEw6zC0GBnj7xpi7UrNr++lCfr4wyq3ia9Uuu+Ao8HtIXz2gRxBX",
+    "key_id": "1200590785272263122"
+}'
+```
+
+After you create one, see [Use secrets](../../cloud-services/secrets.md#use-secrets) to use your secret in experience.
+
+## Update secrets
+
+To update the above secret:
+
+```bash
+curl --location 'https://apis.roblox.com/cloud/v2/universes/6930499524/secrets/mySecret' \
+--request PATCH \
+--header 'Content-Type: application/json' \
+--header 'x-api-key: <your-secret-here>' \
+--data '{
+    "secret": "2Fczw/PL7woOzHnGHQ65sT0MbzJjEOlfibyKxy374CqzFyEb2QTS8grtNBgG/0sfIvSHEo9JWN+pUr0NTPs0V6lj",
+    "key_id": "1200590785272263122"
+}'
+```
+
+If you need to clean up a secret, a deletion request looks like this:
+
+```bash
+curl --location 'https://apis.roblox.com/cloud/v2/universes/6930499524/secrets/mySecret' \
+--request DELETE \
+--header 'Content-Type: application/json' \
+--header 'x-api-key: <your-secret-here>'
+```
diff --git a/content/en-us/reference/cloud/cloud.docs.json b/content/en-us/reference/cloud/cloud.docs.json
@@ -2865,13 +2865,13 @@
         "x-roblox-scopes": [
           {
             "description": "Required",
-            "name": "memory-store.queue:write"
+            "name": "memory-store.queue:add"
           }
         ],
         "x-roblox-docs": {
           "category": "Data and memory stores",
           "methodProperties": {
-            "scopes": ["memory-store.queue:write"]
+            "scopes": ["memory-store.queue:add"]
           },
           "resource": {
             "$ref": "#/components/schemas/MemoryStoreQueueItem",
diff --git a/content/en-us/reference/cloud/openapi.json b/content/en-us/reference/cloud/openapi.json
diff --git a/content/en-us/reference/cloud/secrets-store-service/v1.json b/content/en-us/reference/cloud/secrets-store-service/v1.json
diff --git a/tools/checks/utils/allowedHttpLinks.txt b/tools/checks/utils/allowedHttpLinks.txt
