Using environment variables to provide secrets like database passwords, bearer tokens has many advantages in on-premise set ups, including:
- Easily automate rotating secret credentials
- Keeping sensitive information secret
- Start off by defining an environment variable
RETOOL_EXPOSED_DB_PASSWORDwith the value being your database connection string. Depending on how you have set up your Retool, you may need to restart the docker container.
In order to avoid leaking potentially sensitive environment variables we only allow users to read environment variables with the
- Create a new Postgres connection, and choose to use the connection string format. Then fill it out as below.
In the above, we used replaced what would have normally been the database password with
Note: this works for any field that you define - so you could even use environment variables when configuring the headers you send in an API request.
- Press save, and Retool is now configured to use the provided database password from the environment.
Do I need to restart Retool after changing the environment variable?
In most cases, you will need to restart the container when you modify the environment variables.
Updated 10 months ago