How to reference secret key in HTTP request

I’m using the HTTP Request plugins to make a POST to our cloud security platform, and the body of the request is simply

“token” : “secret”,
“users” : “user1, user2, user3”

What is the best way to reference an API token in Rapid 7 rather than pasting the token directly in the workflow? In my HTTPS Requests connection, I have created a secret with contains the token, is there a way I can reference this directly in the workflow?

I would personally refrain from using an HTTP request. I know not an answer to your question.

You can only use the Secret provided in the connection for the Default Headers field for Custom authentication type. If you need to pass a secret in the body of a request I would move over to the python plugin and create a connection with your secret there. Then, you can pass that secret as a variable into your python script with as an http request.