# SECRET

Provides the ability to hide credentials from queries.

Passing credentials in queries can leave them exposed in plain text during parameterization, which means they can be seen in logs and the process list. To counter this, use the `SECRET()` function. `SECRET()` takes a string (such as a password or other sensitive information) and replaces it with the literal string `<password>` during parameterization. The query itself still receives the original, unchanged string.

## Syntax

```sql
SECRET(str)
```

## Arguments

* str: any string

## Return Type

String

## Remarks

* There are two cases where the string passed in the `SECRET()` function could still be exposed:

  * When `SECRET()` is used as a column without an alias:
    ```sql
    SELECT SECRET(argument);
    ```
    Instead, use something like:
    ```sql
    SELECT SECRET(argument) AS column_name;
    ```
  * When the `NOPARAM()` function is combined with `SECRET()`:
    ```sql
    SECRET(NOPARAM(argument));
    ```
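
A review-time check for the two cases above, as an added example that is not part of the SingleStore documentation: a small Python linter that flags them in SQL text. The matching is heuristic (single-quoted literals only, an alias written without `AS` counts as aliased), and the sample statements, table `t` and column `id` are constructed.

```python
import re

SECRET_RE = re.compile(r"\bSECRET\s*\(", re.IGNORECASE)

def _mask_literals(sql):
    """Blank out the contents of '...' literals, keeping character offsets."""
    out, quoted = [], False
    for ch in sql:
        if ch == "'":
            quoted = not quoted
        out.append(" " if quoted and ch != "'" else ch)
    return "".join(out)

def find_secret_exposures(sql):
    """Return (line, issue) pairs for the two cases listed under Remarks."""
    masked, findings = _mask_literals(sql), []
    for m in SECRET_RE.finditer(masked):
        depth, end = 0, None
        for i in range(m.end() - 1, len(masked)):  # find the matching ')'
            depth += (masked[i] == "(") - (masked[i] == ")")
            if depth == 0:
                end = i + 1
                break
        if end is None:
            continue  # unbalanced call, nothing to judge
        line = sql.count("\n", 0, m.start()) + 1
        if re.match(r"\s*NOPARAM\s*\(", masked[m.end():end - 1], re.IGNORECASE):
            findings.append((line, "SECRET(NOPARAM(...))"))
        # Text of the current statement before this call, and what follows it.
        stmt = masked[masked.rfind(";", 0, m.start()) + 1:m.start()].rstrip()
        after = masked[end:].lstrip()
        top_level = stmt.count("(") == stmt.count(")")
        in_select_list = (re.match(r"\s*SELECT\b", stmt, re.IGNORECASE)
                          and not re.search(r"\bFROM\b", stmt, re.IGNORECASE))
        starts_item = re.search(r"(\bSELECT|,)$", stmt, re.IGNORECASE)
        no_alias = re.match(r"($|[,;]|FROM\b)", after, re.IGNORECASE)
        if top_level and in_select_list and starts_item and no_alias:
            findings.append((line, "SECRET() column without alias"))
    return findings

# Constructed sample statements modelled on this page's examples.
SAMPLE = """SELECT SECRET('pw-1');
SELECT SECRET('pw-2') AS column_name;
SELECT id, SECRET('pw-3') FROM t;
CALL db.log_in_now('root', SECRET('super-secret-password'));
SELECT SECRET(NOPARAM('pw-4')) AS x;
"""
print(find_secret_exposures(SAMPLE))
```
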

## Example

```sql
CALL db.log_in_now('root', SECRET('super-secret-password'));
```

## Related Topics

* [NOPARAM](https://docs.singlestore.com/db/v9.1/reference/sql-reference/code-generation-functions/noparam.md)

***

Modified at: November 18, 2022

Source: [/db/v9.1/reference/sql-reference/string-functions/secret/](https://docs.singlestore.com/db/v9.1/reference/sql-reference/string-functions/secret/)

