---
title: Use secrets
description: Use secrets in a query with Flux.
url: https://docs.influxdata.com/influxdb/v2/admin/secrets/use/
estimated_tokens: 786
product: InfluxDB OSS v2
version: v2
---

# Use secrets

This page documents an earlier version of InfluxDB OSS. [InfluxDB 3 Core](/influxdb3/core/) is the latest stable version.

#### API token hashing is enabled by default in InfluxDB OSS 2.9.0

Stronger token security: tokens are stored as hashes on disk, so a copy of the database file doesn’t expose usable tokens. Existing tokens are hashed on first startup and the original strings can’t be recovered afterward — **capture any plaintext tokens you still need before you upgrade**.

For more information, see [Token hashing](/influxdb/v2/admin/tokens/#token-hashing).

## Use secrets in a query

Import the `influxdata/influxd/secrets` package and use the `secrets.get()` function to populate sensitive data in queries with secrets from your secret store.

```js
import "influxdata/influxdb/secrets"
import "sql"

username = secrets.get(key: "POSTGRES_USERNAME")
password = secrets.get(key: "POSTGRES_PASSWORD")

sql.from(
    driverName: "postgres",
    dataSourceName: "postgresql://${username}:${password}@localhost",
    query:"SELECT * FROM example-table",
)
```

[secrets](/influxdb/v2/tags/secrets/) [security](/influxdb/v2/tags/security/)