From 55c71e7e3e5ce9660dbcba64fe51e80967e0abf4 Mon Sep 17 00:00:00 2001
From: LawyZheng <lawyzheng1106@gmail.com>
Date: Thu, 15 Jan 2026 15:58:07 +0800
Subject: [PATCH] optimize secrete value input (#4457)

---
 skyvern/exceptions.py                         |  7 +++++++
 skyvern/forge/sdk/workflow/context_manager.py | 14 ++++++++++++--
 skyvern/webeye/actions/handler.py             |  4 ++++
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/skyvern/exceptions.py b/skyvern/exceptions.py
index 58b9220f..193ae817 100644
--- a/skyvern/exceptions.py
+++ b/skyvern/exceptions.py
@@ -923,3 +923,10 @@ class PDFParsingError(SkyvernException):
         super().__init__(
             f"Failed to parse PDF '{file_identifier}'. pypdf error: {pypdf_error}; pdfplumber error: {pdfplumber_error}"
         )
+
+
+class ImaginarySecretValue(SkyvernException):
+    def __init__(self, value: str) -> None:
+        super().__init__(
+            f"The value {value} is imaginary. Try to double-check to see if this value is included in the provided information"
+        )
diff --git a/skyvern/forge/sdk/workflow/context_manager.py b/skyvern/forge/sdk/workflow/context_manager.py
index da9755f5..56c8e97f 100644
--- a/skyvern/forge/sdk/workflow/context_manager.py
+++ b/skyvern/forge/sdk/workflow/context_manager.py
@@ -11,6 +11,7 @@ from skyvern.exceptions import (
     AzureConfigurationError,
     BitwardenBaseError,
     CredentialParameterNotFoundError,
+    ImaginarySecretValue,
     SkyvernException,
     WorkflowRunContextNotInitialized,
 )
@@ -52,6 +53,8 @@ BlockMetadata = dict[str, str | int | float | bool | dict | list | None]
 
 jinja_sandbox_env = SandboxedEnvironment()
 
+RANDOM_SECRET_ID_PREFIX = "placeholder_"
+
 
 class WorkflowRunContext:
     @classmethod
@@ -243,8 +246,15 @@ class WorkflowRunContext:
         assume it's an actual parameter value and return it.
 
         """
+        if len(self.secrets) == 0:
+            return None
         if isinstance(secret_id_or_value, str):
-            return self.secrets.get(secret_id_or_value)
+            if secret_id_or_value.startswith(RANDOM_SECRET_ID_PREFIX):
+                if secret_id_or_value not in self.secrets:
+                    raise ImaginarySecretValue(secret_id_or_value)
+                return self.secrets[secret_id_or_value]
+            else:
+                return self.secrets.get(secret_id_or_value)
         return None
 
     def mask_secrets_in_data(self, data: Any, mask: str = "*****") -> Any:
@@ -292,7 +302,7 @@ class WorkflowRunContext:
 
     @staticmethod
     def generate_random_secret_id() -> str:
-        return f"placeholder_{generate_random_string()}"
+        return f"{RANDOM_SECRET_ID_PREFIX}{generate_random_string(length=4)}"
 
     async def _get_credential_vault_and_item_ids(self, credential_id: str) -> tuple[str, str]:
         """
diff --git a/skyvern/webeye/actions/handler.py b/skyvern/webeye/actions/handler.py
index 88aad5eb..aefd1990 100644
--- a/skyvern/webeye/actions/handler.py
+++ b/skyvern/webeye/actions/handler.py
@@ -39,6 +39,7 @@ from skyvern.exceptions import (
     FailToSelectByValue,
     IllegitComplete,
     ImaginaryFileUrl,
+    ImaginarySecretValue,
     InputToInvisibleElement,
     InputToReadonlyElement,
     InteractWithDisabledElement,
@@ -595,6 +596,9 @@ class ActionHandler:
         except LLMProviderError as e:
             LOG.exception("LLM error in action handler", action=action, exc_info=True)
             actions_result.append(ActionFailure(e))
+        except ImaginarySecretValue as e:
+            LOG.exception("Imaginary secret value", action=action, exc_info=True)
+            actions_result.append(ActionFailure(e))
         except Exception as e:
             LOG.exception("Unhandled exception in action handler", action=action)
             actions_result.append(ActionFailure(e))