Manage secrets with environment variables

Learn how to use secrets to manage environment variables.

You can use environment variables to manage secrets like database passwords and bearer tokens. This allows you to automatically rotate secret credentials, and it helps protect sensitive information.

1. Define the RETOOL_EXPOSED_DB_PASSWORD variable

Set the RETOOL_EXPOSED_DB_PASSWORD variable to your database connection string. Depending on how you set up Retool, you might need to restart the Docker container.


To avoid leaking potentially sensitive environment variables, Retool only allows users to read environment variables with the RETOOL_EXPOSED_ prefix.

2. Create a new Postgres connection

Add a new Postgres connection and use the connection string format. Make sure to replace the database password with the %RETOOL_EXPOSED_DB_PASSWORD% variable. It should look something like this.

You can use environment variables like this for any field that you define. For example, you could use environment variables to configure the headers you send in API requests.

3. Save and restart the container

Click Save and restart the container.