diff --git a/docs/contents/secrets/index.md b/docs/contents/secrets/index.md new file mode 100644 index 0000000000000000000000000000000000000000..37c0a75a6b8f82ba3afefdacb67493a59de312ae --- /dev/null +++ b/docs/contents/secrets/index.md @@ -0,0 +1,5 @@ +# Secrets + +Secrets are text payloads shared securely between the Arkindex instance and any worker. It is generally used to store sensitive values that may give Arkindex users access to any resources that should be private, for example because they cost money or are proprietary. + +For more information about secrets, please visit [the Arkindex documentation](https://doc.arkindex.org/secrets/). diff --git a/docs/contents/secrets/usage.md b/docs/contents/secrets/usage.md new file mode 100644 index 0000000000000000000000000000000000000000..035cf2776d16c972fc9d057d6792a0563be01d30 --- /dev/null +++ b/docs/contents/secrets/usage.md 
@@ -0,0 +1,53 @@ +# Usage + +## Accessing secrets in the API + +Since Arkindex 0.14.2, an API endpoint is available to retrieve secrets called +[RetrieveSecret][api]. The endpoint cannot be accessed by regular users, but +machine learning workers and administrators can use it. + +## Declaring secrets in workers + +Declaring a secret in your worker allows our [base worker package][base-worker] +to retrieve the secret for you, and causes it to fail when the secret is +missing from the Arkindex instance. + +### To declare a secret + +1. Add the secret's name to the `secrets` section of a worker in the + `.arkindex.yml` file: + + ```yaml + --- + version: 2 + type: worker + + workers: + - slug: my_worker + name: My nice worker + docker: + build: Dockerfile + configuration: + threshold: 21.3 + + # Declare your secrets as below, only specifying their name + secrets: + - project/tool/credentials.json + ``` + +For more information on the `.arkindex.yml` file, +see [YAML configuration](../workers/yaml.md). + +## Accessing secrets in Python code + +Declared secrets will be made available to `Worker` classes as the +`self.secrets` attribute, a Python `dict` mapping secret names to +unencrypted secret content. + +### To access a secret in Python code + +1. Anywhere in the code, use `self.secrets["my_secret_name"]`, + where `my_secret_name` is the name of the secret. + +[base-worker]: http://pypi.org/pypi/arkindex-base-worker +[api]: https://arkindex.teklia.com/api-docs/#tag/ponos/operation/RetrieveSecret diff --git a/mkdocs.yml b/mkdocs.yml index 3a56d06bfd9f175b8fb55f161da457ae2840970e..7c220ff11a7dde6087752584c193693c8e7ce68a 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -67,6 +67,9 @@ nav: - GitLab CI for workers: contents/workers/ci/index.md - YAML configuration: contents/workers/yaml.md - Template structure: contents/workers/template-structure.md + - Using secrets in workers: + - contents/secrets/index.md + - Usage: contents/secrets/usage.md - Python Reference: - Base Worker: ref/base_worker.md - Elements Worker: ref/elements_worker.md
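Review bot: In docs/contents/secrets/index.md, the second sentence switches from the plural "Secrets are text payloads" to "It is generally used", and the clause "may give Arkindex users access to any resources that should be private" can be read as saying that secrets exist to hand private resources to users. Suggest something like "They are generally used to store sensitive values, such as credentials for resources that must stay private because they cost money or are proprietary." The first sentence also says the payloads are "shared securely" without saying what that covers; one sentence on it, or an explicit statement that the linked Arkindex documentation describes it, would help readers judge what they can store there.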
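Review bot: In docs/contents/secrets/usage.md, the `[base-worker]` reference at the end of the file points to `http://pypi.org/pypi/arkindex-base-worker` over plain HTTP while the `[api]` reference next to it uses HTTPS; please change it to `https://`. In "Accessing secrets in Python code", the text says `self.secrets` maps secret names to unencrypted secret content but gives no handling guidance; a sentence telling worker authors not to log or persist the dict or its values would fit right after it. The access step uses `self.secrets["my_secret_name"]` while the YAML example declares `project/tool/credentials.json`; reusing the declared name in the Python step would make clear that the key is the full name string from `.arkindex.yml`.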
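Review bot: In mkdocs.yml, the first child of the new "Using secrets in workers" section is the bare path `contents/secrets/index.md` with no title, unlike the titled entries around it such as `YAML configuration: contents/workers/yaml.md`. MkDocs will take the label from the page itself, so the nav would show "Secrets" (the H1 of index.md) beside "Usage". If that is intended, fine; otherwise give it an explicit title so the section reads consistently with its siblings.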