Assets & Secrets
Supaspec provides an asset library for build artifacts and secret storage for environment variables, so everything needed for a build lives in one place alongside your spec.
Asset Library
Upload files that agents need during the build — logos, fonts, schemas, configuration files, or any reference material. Assets are accessible via MCP, so agents can read them directly.
Supported operations
- list — List all assets in a project
- get — Get metadata and download URL for an asset
- upload — Upload a file (max 500KB, base64 encoded)
- delete — Remove an asset
Common use cases
- Logo SVGs and favicon PNGs for branding consistency
- Font files referenced in the UI spec
- JSON schemas for API validation
- OpenAPI/Swagger definitions
- Database seed data files
Secret Storage
Store environment variables and API keys securely. Agents can read secrets via MCP to configure builds without exposing sensitive values in the spec itself.
Supported operations
- list — List all secret keys (values decrypted)
- get — Get a single secret by key
- set — Create or update a key-value pair
- delete — Remove a secret
- export_env — Export all secrets as
.envformat
Example secrets
DATABASE_URL=postgresql://... STRIPE_SECRET_KEY=sk_live_... NEXTAUTH_SECRET=... RESEND_API_KEY=re_...
Automating Builds
With assets and secrets pre-configured, a coding agent can set up the full development environment automatically: pull the spec, download assets, export secrets to .env, and start building — no manual configuration needed.