# Add Secure Key

To enhance the security and control over who can execute the assigned `LitAction` granted to your PKP, you have the option to implement a Secure Key. This mechanism is analogous to using an API key, serving as an additional layer of authorization.

**Generating the Secure Key**

This secure key is generated when running `setActions()` where you will receive a 32-byte hash key. This key is generated randomly and returned.

{% hint style="warning" %}
Store this key in a secure location, your LitAction will not run without it.
{% endhint %}

**How It Works**

1. **Hash Generation**: The SHA-256 hash of the Secure Key is computed and permanently associated with the `LitAction`.
2. **Execution**: When you attempt to run the `LitAction`, you must provide the correct Secure Key as a parameter.
3. **Validation**: A function within the `LitAction` will then compare the SHA-256 hash of the provided key against the original hash stored in the`LitAction`. 
4. **Outcome**:
   * **Success**: If the hashes match, the `LitAction` will execute.
   * **Failure**: If the hashes do not match, the `LitAction` will not execute.

{% code overflow="wrap" fullWidth="true" %}

```typescript
// Pass true after the actions array to create and apply the Secure Key to your LitAction. Retrieve the secureKey value from the returned object array.
const {unsignedTransactionDataObject, litActionCode, secureKey} = await newCircuit.setActions([fetchAction, contractAction], true);

// Pass in the correct secure key to start
await newCircuit.start({publicKey, ipfsCID, authSig, secureKey});
```

{% endcode %}