update Open Source Docs from Roblox internal teams

content/common/navigation/engine/guides.yaml

@@ -510,6 +510,8 @@ navigation:
             path: /cloud-services/memory-stores/per-partition-limits
           - title: Best practices
             path: /cloud-services/memory-stores/best-practices
+      - title: Secrets stores
+        path: /cloud-services/secrets
       - title: Cross-server communication
         path: /cloud-services/cross-server-messaging
   - title: Roblox for Unity developers
@@ -583,8 +585,10 @@ navigation:
         section:
           - title: Overview
             path: /production/promotion/advertise-on-roblox
-          - title: Ads Manager
+          - title: Ad campaigns
             path: /production/promotion/ads-manager
+          - title: Reporting and billing
+            path: /production/promotion/reporting-and-billing
           - title: Search ads
             path: /production/promotion/search-ads
           - title: Sponsored items

content/en-us/cloud-services/secrets.md

@@ -0,0 +1,66 @@
+---
+title: Work with secrets
+description: Securely manage API keys, passwords, and assess tokens for third-party services with your experience's secrets store.
+---
+
+Roblox offers a secrets store for each experience. Secrets are sensitive information like API keys, passwords, and access tokens that you use to authenticate with external services. For example, if you want to connect to a third-party analytics or music service, you likely need to use an API key to authenticate with it.
+
+You could copy and paste the API key into a script or add it to a data store, but those approaches carry unnecessary security risks. The better solution is to use the secrets store and access the key using a small set of secure methods.
+
+## Add secrets
+
+To view, create, or edit secrets, you must be the experience owner or group owner. You can have up to 500 secrets per experience.
+
+1. Navigate to the [Creator Dashboard](https://create.roblox.com/dashboard/creations).
+
+1. Select your experience, and then choose **Secrets** > **Create Secret**.
+
+1. Provide a name, the secret, and the applicable domain.
+
+   - The name acts as a unique identifier for the secret, so we recommend something descriptive.
+   - Secrets can be up to 1,024 characters in length. API keys and access tokens should come from the service provider, but if the secret is a password, you probably created it yourself.
+   - You can use a limited wildcard syntax for the domain, such as `*` for any domain (not recommended) or `*.example.com` for any subdomain at `example.com`. Specific domains are even better, such as `my.example.com`.
+
+{/* Note the ability to manage these using Open Cloud when that arrives. */}
+
+### Local secrets
+
+Secrets are only available to live game servers or [Team Test](../studio/testing-modes.md#collaborative-testing) environments. If you try to access a secret from a local test server, such as the **Play** button in Studio, you receive a `Can't find secret with given key` error.
+
+To specify secrets for local testing, see [Game Settings](../studio/game-settings.md#security).
+
+## Use secrets
+
+Before using secrets within your experience, you must enable **Allow HTTP Requests** in the [Game Settings](../studio/game-settings.md#security) **Security** tab. Then call `Class.HttpService:GetSecret()` within a script:
+
+```lua
+local HttpService = game:GetService("HttpService")
+
+local testSecret = HttpService:GetSecret("test_secret")
+```
+
+Part of the appeal of using secret stores is that you can't accidentally print a secret. Instead of the secret itself, the following code outputs the name you provided when creating the secret:
+
+```lua
+print(testSecret) --> Secret(test_secret)
+```
+
+You can't manipulate the string directly. Instead, the `Datatype.Secret` data type lets you add a prefix and suffix to the secret to help form a URL or insert content like `Bearer`:
+
+```lua
+local HttpService = game:GetService("HttpService")
+
+local testSecret = HttpService:GetSecret("test_secret")
+
+local prefix = "https://my.example.com/endpoint?apiKey="
+local suffix = "&user=username"
+local url = testSecret:AddPrefix(prefix)
+url = url:AddSuffix(suffix)
+print(url) --> https://my.example.com/endpoint?apiKey=Secret(test_secret)&user=username
+```
+
+After you have a URL with the secret inserted, you can make standard HTTP requests using methods like `Class.HttpService:RequestAsync()`. Of course, you can ignore these methods and insert the secret directly into a header, too.
+
+<Alert severity="info">
+You can't include secrets in the HTTP request body, only the URL and headers.
+</Alert>

content/en-us/production/monetization/immersive-ads.md

@@ -65,7 +65,7 @@ How publishers earn:
 
 - **Portal ads** are static, non-clickable images with a door that teleports users into an advertiser's experience. Advertisers bid on a teleport. Publishers earn for each successful teleport. A teleport is when a user enters the portal and arrives at the advertiser's experience.
 
-To learn more about how advertisers are billed, you can refer to our overview on [ads billing](../promotion/ads-manager.md#ads-billing).
+To learn more about how advertisers are billed, you can refer to our overview on [ads billing](../promotion/reporting-and-billing.md#billing).
 
 Roblox pays out earnings on the 25th of the following month from when you inserted ad units into your experience. For example, if you insert ad units during the month of March, your payout date for the viewable impressions and successful teleports from those ad units is April 25th. You can track your collective earnings from ad Immersive Ads either through the **My Transactions** or **Group Transactions** page. You can also analyze their overall performance through metrics graphs on the Creator Dashboard.