---
title: Use secrets
description: Use secrets in a query with Flux.
url: https://docs.influxdata.com/influxdb/v2/admin/secrets/use/
estimated_tokens: 288
product: InfluxDB OSS v2
version: v2
publisher: InfluxData
canonical: https://docs.influxdata.com/influxdb/v2/admin/secrets/use/
date: '2023-11-06T15:53:12-07:00'
lastmod: '2023-11-06T15:53:12-07:00'
---

This page documents an earlier version of InfluxDB OSS.[InfluxDB 3 Core](/influxdb3/core/) is the latest stable version.

#### API token hashing is enabled by default in InfluxDB OSS 2.9.0

Stronger token security: tokens are stored as hashes on disk, so a
copy of the database file doesn’t expose usable tokens. Existing
tokens are hashed on first startup and the original strings can’t
be recovered afterward — **capture any plaintext tokens you still
need before you upgrade**.

For more information, see [Token hashing](/influxdb/v2/admin/tokens/#token-hashing).

## Use secrets in a query

Import the `influxdata/influxd/secrets` package and use the `secrets.get()` function
to populate sensitive data in queries with secrets from your secret store.

```js
import "influxdata/influxdb/secrets"
import "sql"

username = secrets.get(key: "POSTGRES_USERNAME")
password = secrets.get(key: "POSTGRES_PASSWORD")

sql.from(
    driverName: "postgres",
    dataSourceName: "postgresql://${username}:${password}@localhost",
    query:"SELECT * FROM example-table",
)
```

[secrets](/influxdb/v2/tags/secrets/)[security](/influxdb/v2/tags/security/)