Custom subdomains are already in alpha, if you need one for your project, please let us know.
Deta offers 3 types of secrets / keys / tokens:
Project Keys: This key interacts with your data and resources inside a project (currently allowing reads and writes for the project's Bases). A project key will be created for you when you create a project, while you can manage all of a project's keys from the 'Settings' option in any project's sidebar. If this key is leaked, the data stored in any of the connected project's Bases is compromised.
API Keys: This is an optional key to protect your Micro HTTP endpoint or to implement client-based rules. Creating API Keys from the Deta CLI is described here. Read more about API Keys here. If this key is leaked, your micro endpoint can be used by unwanted clients.
Access Tokens: This token lets other programs manage (create, modify & delete) your Micros, Projects and Bases on your behalf. It's mainly used to let you have programmatic access to our API. Use cases: CI/CD, Gitpod, GitHub actions. Information on Deta Access Tokens is here. If this key is leaked, your whole Deta account is compromised.
These types of keys are not unique to Deta, all other cloud providers use some variant of them.