A4J does not support secret storage. The obvious use case for storing a secret would be for outgoing webhooks, where someone might require an API token in the custom request headers. https://codebarrel.atlassian.net/browse/AUT-2230 solves a specific case of this for first-party clients, but does not explicitly require the implementation of secret storage, so this ticket has been created instead.

An ideal outcome would be a way for users to securely add and remove secrets per automation rule or project, similar to Bitbucket Pipelines variables (which are encrypted at rest), which can then be referenced from within automation rules