diff --git a/communicate/alerts/channels.mdx b/communicate/alerts/channels.mdx
index a7357853..3a10e39b 100644
--- a/communicate/alerts/channels.mdx
+++ b/communicate/alerts/channels.mdx
@@ -4,6 +4,8 @@ description: 'Configure notification channels to receive alerts when checks fail
sidebarTitle: 'Channels'
---
+import AlertChannelSecrets from '/snippets/alert-channel-secrets-callout.mdx';
+
Alert channels determine **how** alert notifications reach your team when checks fail, degrade, or recover. Checkly supports a wide range of notification methods to fit your team's communication preferences and operational workflows.
## Available Alert Channels
@@ -59,6 +61,12 @@ Verify the channel works correctly with test notifications
+## Using variables and secrets in channel configs
+
+Any literal-secret field in an alert-channel configuration — webhook URL, API key, bearer token, PagerDuty service key, and so on — accepts a reference to an account [environment variable](/platform/variables) or [secret](/platform/secrets) using `{{NAME}}` syntax. The channel UI also lets you promote an inline value to a secret without leaving the page.
+
+
+
Use Checkly's alert notification log to track delivery success rates and identify any channels that frequently fail to deliver notifications.
\ No newline at end of file
diff --git a/integrations/alerts/webhooks.mdx b/integrations/alerts/webhooks.mdx
index 0bd455dc..ba119c20 100644
--- a/integrations/alerts/webhooks.mdx
+++ b/integrations/alerts/webhooks.mdx
@@ -4,6 +4,8 @@ description: "Create custom webhook integrations to send Checkly alerts to any A
sidebarTitle: "Webhooks"
---
+import AlertChannelSecrets from '/snippets/alert-channel-secrets-callout.mdx';
+
**Monitoring as Code**: Learn more about the [Webhook Alert Channel Construct](/constructs/webhook-alert-channel).
@@ -20,7 +22,7 @@ Webhooks allow you to POST custom payloads to any endpoint in your own infrastru
The example above shows a webhook configured to create a Jira ticket on each event. Notice the following:
-- We use the variable `JIRA_INSTANCE_URL` in the URL. We previously stored this variable in the [environment variables section](https://app.checklyhq.com/environment-variables). Alerting configurations only support the use of environment variables, secrets are not supported.
+- We use the variable `JIRA_INSTANCE_URL` in the URL. We previously stored this variable in the [environment variables section](https://app.checklyhq.com/environment-variables). Alert-channel configurations accept both [environment variables](/platform/variables) and [secrets](/platform/secrets) using the same `{{NAME}}` syntax.
- We use the variable `CHECK_ID` in the payload. This is one of many event-based variables that will change with each call. See below for the complete list.
In both cases we use the familiar Handlebars templating braces, i.e. `{{ }}` to insert the variable.
@@ -29,6 +31,8 @@ In both cases we use the familiar Handlebars templating braces, i.e. `{{ }}` to
To avoid encoding, you can access your environment variables with triple brackets, i.e. `{{{USER_API_KEY}}}`
+
+
You can use the following event-related variables in both URL and payload.
| Variable | Description |
diff --git a/integrations/incident-management/pagerduty.mdx b/integrations/incident-management/pagerduty.mdx
index 62ac6faa..ad076b9c 100644
--- a/integrations/incident-management/pagerduty.mdx
+++ b/integrations/incident-management/pagerduty.mdx
@@ -4,6 +4,14 @@ description: 'Learn how Checkly integrates seamlessly with PagerDuty, delivering
sidebarTitle: 'PagerDuty'
---
+import AlertChannelSecrets from '/snippets/alert-channel-secrets-callout.mdx';
+
+
+
+
+The PagerDuty channel's `serviceKey` (integration key) accepts environment-variable references — e.g. `{{PAGERDUTY_SERVICE_KEY}}` — so you can store the integration key as an account secret instead of inline in the channel config.
+
+
Checkly integrates with [Pagerduty](https://pagerduty.com) and can deliver all failure and recovery events
to your Pagerduty account. After setting up the integration, Checkly will:
diff --git a/platform/secrets.mdx b/platform/secrets.mdx
index 260edc6c..a57e2897 100644
--- a/platform/secrets.mdx
+++ b/platform/secrets.mdx
@@ -140,6 +140,10 @@ process.env.CHECKLY_SECRET_TOKEN = await fetchFromAWS('auth-token')
This is particularly useful for organizations that prefer not to store secrets in Checkly and want to maintain their existing secret management infrastructure. [Learn more about dynamic secret scrubbing](/platform/dynamic-secret-scrubbing).
+## Using secrets in alert channels
+
+Secrets also work in alert-channel configurations — webhook URLs, API keys, PagerDuty service keys, and any other literal-secret field accept the same `{{NAME}}` reference syntax. See [Alert channels](/communicate/alerts/channels) for details and the inline promote-to-secret affordance.
+
### Security and Usability Balance
Use dedicated test users, test cards etc. These test users should have minimal privileges in your app. Do not use your admin or root user. Make sure you can easily disable or block these users without recourse.
diff --git a/snippets/alert-channel-secrets-callout.mdx b/snippets/alert-channel-secrets-callout.mdx
new file mode 100644
index 00000000..d3b781e5
--- /dev/null
+++ b/snippets/alert-channel-secrets-callout.mdx
@@ -0,0 +1,7 @@
+
+**Using environment variables and secrets in this channel's config**
+
+Any literal-secret field in this alert channel — webhook URL, API key, bearer token, service key, etc. — accepts a [variable](/platform/variables) or [secret](/platform/secrets) reference using the familiar Handlebars syntax: `{{MY_VARIABLE}}`.
+
+You can also promote a value to a secret directly from the field: type the literal value, click the lock icon next to the input, and choose a name. The value is stored as an encrypted account secret and is never re-displayed in the UI.
+