The Art of Keeping Secrets: Security in Google Apps Script

Security of any IT system relies on many factors, including the security of credentials, API keys, and other essential details collectively known as “secrets.” If leaked, these secrets can lead to the system being compromised, resulting in data breaches, deletion, scams, and other adverse effects.

This concern is particularly relevant for Google Apps Script. First, these scripts often need access to external systems, requiring you to store secrets within the script itself or somewhere close. Second, Apps Scripts are frequently linked to shared documents, automatically granting access to the script. Without proper care, these secrets may be exposed.

Storing secrets safely in Apps Script is complex. It relies on various surrounding factors, such as how the script is run, who has access to the document, and the volume of data updated. There’s no universal solution; a comprehensive approach is required.

In this post, we’ll explore different options for storing secrets in Apps Script, ranging from the least to most secure. We’ll review the pros and cons of each approach and guide you in selecting the best method for your situation. To highlight the vulnerabilities of each option, we’ll assume that any user with access to the credentials could be malicious. While this may seem drastic, it’s a vital consideration, as even trustworthy users’ accounts can be hacked, leading to unauthorized access to other systems.

Options for Storing Secrets in Apps Script

Secrets Directly in the Code

The simplest way to store secrets is to do it in the code as plain text:

const API_KEY = "not really a secret"


  • Quick and simple.


  • No security. Anyone with read permissions to the script or document the script is attached to, can access the secret.

While convenient, this method is only suitable if you alone have access to the script. Even then, it’s risky.

Encrypted Secrets in the Code

Encrypting secrets and prompting the user for a “password” to decrypt them is another option. However, Apps Script lacks built-in cryptographic functionality, so external libraries like crypto-js are needed. Here is an example of how to use this library in Apps Script.


  • More secure than plain text storage.


  • The script must decrypt the secret at runtime, where it can be logged or otherwise compromised by anybody who has edit permissions.
  • Since the encrypted secret is accessible to anyone with read permissions, the perpetrator could save it and brute-force the password.
  • Since you are asking the user the password every time, you cannot schedule the script to run automatically.
  • Prompting the user for a password every time will encourage the user to store it less securely.

Overall, this method is complex and has many drawbacks. Plus there are more appealing alternatives.

Script Properties

Google Apps Script provides a PropertiesService that allows you to store values attached to a user, script, or document (if there is an attached document). In the documentation Google even mentions that Script Properties are typically used to store “the username and password for the developer’s external database”. Let’s see how it can work.

 1// Retrieves secret from the Script Properties or throws an error
 2function getScriptSecret(key) {
 3  let secret = PropertiesService.getScriptProperties().getProperty(key)
 4  if (!secret) throw Error(`Secret ${key} is empty`)
 5  return secret
 9// Example
10const API_KEY = getScriptSecret("API_KEY")
11const CLIENT_ID = getScriptSecret("CLIENT_ID")

You (and everybody else with edit access) can see and manage the script properties in the settings:

Script Properties interface in Apps Script settings
Script Properties interface in Apps Script settings


  • Only script editors will have access to the secrets.


  • All script editors will have access to the secrets. Editors include all accounts that have edit access to the document where this script is attached to.

This is a reasonably good option if you absolutely trust the people who have edit access. If a script is attached to a document, you could also use document properties, although they do not offer any additional benefits and will not be visible in the settings.

User Properties

Similar to the Script Properties, you could store secrets in User Properties. These properties are accessible only to the user who created them. There is no interface to edit them: you will need either to manually save them the first time or prompt the user for secrets, if they are not there:

 1// Retrieves or prompts and stores a secret in UserProperties
 2function getSecret(key) {
 3    const userProperties = PropertiesService.getUserProperties()
 4    let secret = userProperties.getProperty(key)
 5    if (secret) return secret
 7    // If secret is not set, prompt the user to enter it
 8    const ui = SpreadsheetApp.getUi()
 9    const result = ui.prompt(
10        "Secret Management",
11        `Please enter ${key}`,
12        ui.ButtonSet.OK_CANCEL
13    )
15    // If user clicked "OK", save the secret to User Properties
16    if (result.getSelectedButton() === ui.Button.OK) {
17        secret = result.getResponseText()
18        userProperties.setProperty(key, secret)
19        return secret
20    } else {
21        // User clicked "CANCEL" or closed the prompt
22        throw Error(`User has not entered the secret ${key}`)
23    }
26// Clears a secret from UserProperties
27function clearSecret(key) {
28  const userProperties = PropertiesService.getUserProperties()
29  userProperties.deleteProperty(key)
32// Clearing secrets
33function clearSecrets() {
34  clearSecret("API_KEY")
35  clearSecret("CLIENT_ID")
39// Example
40const API_KEY = getSecret("API_KEY")
41const CLIENT_ID = getSecret("CLIENT_ID")

Prompting user for the script:

Prompting user for a secret when running the script for the first time
Prompting user for a secret when running the script for the first time


  • Only you will have access to the secret unless the script logs it at the runtime.
  • You can schedule the script to run periodically under your account.


  • If other users can edit the script, they can log the secret when you run the script from your account (either manually or on trigger). Even if you catch it, the secrets will be compromised.
  • If you need other people to run the script on their own, you will have to provide them with the secrets.

Google Cloud’s Secret Manager

You could use Google Cloud Secret Manager to store the secrets and retrieve them from the Apps Script. The setup is more involved and deserves its own post. Here we will look at its pros and cons.


  • You can re-use the secrets stored in the Manager in many different scripts. And, if you need to change them, you can do it in one place.
  • Same level of security as storing with User Properties.


A Detached Script

If many people need access to a document that needs to be updated with a script, you could use a completely detached script so only you or a very limited group will have access to it. In that script you could store the credentials either in the User or Script properties.


  • It is one of the most secure options: only people who have edit access to the script can compromise the secrets.


  • To update a document from a detached script, you will have to grant the script very wide permissions scopes like which would allow the script to do anything with your documents. This is not the safest approach. You can read about security scopes here.
  • From the script you cannot manipulate the user interface of the document: show alerts, custom menus, etc.
  • You will have to rely mostly on time scheduled script triggers. You cannot easily run the remote script from the document, for example, to do a manual update. You could still do it by using a script attached to a document and running the remote script via API or . However, both things require a rather involved setup.

Two Documents, Attached Script, and IMPORTRANGE

Similar to the previous method, you could separate presentation of the data from its update. To achieve it, create two documents: one for presentation and another for storing raw data. They will be connected via an IMPORTRANGE function so Google will manage updating data between the documents.


  • It is one of the most secure options: only people with edit access to the second document/script could compromise the secrets.
  • The update script does not need extra permissions.


  • You will still have to rely mostly on scheduled runs of the script.
  • You will be subject to IMPORTRANGE limitations: there is a limit on volume of data that can be transferred in one go. According to the documentation it is 10 MB per update. In practice it usually means that you can import up to 200,000 cells in one IMPORTRANGE. Plus, if the source sheet is updated too often, your updates can be throttled.
  • Sometimes IMPORTRANGE errors out due to random factors. To mitigate it you will need to wrap it in IFERROR function that will retry if an error occurs:
    IMPORTRANGE("<document>", "<range>"),
    IMPORTRANGE("<document>", "<range>")

Do Not Store Secrets, Prompt User Every Time

The safest way to store secrets in Apps Script is not to store them at all. Each time the user runs a script, you could ask them for the secret. The code is similar to the one above where we were storing the secrets in User Properties:

 1function promptUserForSecret(key) {
 2    // Prompt the user to enter it
 3    const ui = SpreadsheetApp.getUi()
 4    const result = ui.prompt(
 5        "Secret Management",
 6        `Please enter ${key}`,
 7        ui.ButtonSet.OK_CANCEL
 8    )
10    // If user clicked "OK"
11    if (result.getSelectedButton() === ui.Button.OK) {
12        return result.getResponseText()
13    } else {
14        // User clicked "CANCEL" or closed the prompt
15        throw Error(`User has not entered the secret ${key}`)
16    }
20// Example
21const API_KEY = promptUserForSecret("API_KEY")
22const CLIENT_ID = promptUserForSecret("CLIENT_ID")


  • The secret is not stored anywhere and can only leak if the script logs or otherwise records the it.


  • You will be limited to running the script manually: it will not have the secrets when run on time trigger.
  • This method is still vulnerable to script edits: anybody who has edit access can modify the script and intercept the secret.
  • Forcing users to enter the secret every time, nudges them to store it somewhere accessible which can be less secure than doing it with other options.
  • Every user who you needs to run the script has to explicitly know the secrets.

How to Choose Optimal Way to Store Secrets

As you can see, there are multiple ways to store secrets in Apps Script. There is no one-size-fits-all approach. When choosing a way to store secrets in Apps Script, it’s essential to take into account various factors. Here’s a breakdown to help guide your decision:

  1. Considerations About Other People:
    • Read Access: If others have read access, avoid storing secrets in plain text. Anyway, it is better to avoid it altogether.
    • Edit Access: If others can edit the document or script, assess trust levels. Even trusted individuals can have their accounts compromised.
  2. Script Use Case:
    • Run Type: Whether the script runs on schedule or manually will impact your options for storing secrets.
    • User Interaction: If the script needs to be run manually, will it be only you or other users as well?
    1. Functionality of the Script:
    • How much and what kind of data will the script transfer? Can it be imported into a separate document and transferred with an IMPORTRANGE?
    • Does the script need to interact with the user interface: alerts, prompts, custom menus, etc.?
  3. Consequences of Compromised Secrets:
    • The more damaging the result, the more paranoid you should be when storing the secrets.
    • What data will the leaked secrets grant access to?
    • Do you track access with those secrets?
    • Can you revoke or invalidate those secrets?
    • Can user update or delete data using those secrets?

This is a chart that illustrates common scenarios and questions when choosing a way to store secrets in Apps Script.

How to decide which method to use to store secrets in Google Apps Script
How to decide which method to use to store secrets in Google Apps Script

It is important to always keep security of your Apps Script projects in mind and storing secrets is an integral part of this issue. Hopefully, this guide has provided you with valuable insights into the various methods available for storing secrets and how to choose the best for your situation.