Some deployment systems, like Docker swarm and Docker secrets, require secret values to be read from the file system instead of being set through environment variables. For instance, instead of setting a
POSTGRES_PASSWORD in your environment, you point
POSTGRES_PASSWORD_FILE to a text file that contains the password. In these cases, Retool supports reading certain environment variables from the file system.
This feature requires Retool version 2.66.10 or greater. You also need the ability to set non-secret environment variables.
At startup, Retool looks for the configured secret files and sets them as environment variables for running the container, not the entire system. Make sure to set the
RETOOL_LOAD_FILE_SECRETS environment variable to
true. Without this, Retool doesn't load secrets from the file system.
Instead of adding secrets to the environment directly, add the path to where your secrets are stored on the file system and append
_FILE to the end of each environment variable name. For example, if you want to set the
ENCRYPTION_KEY, you’d set
ENCRYPTION_KEY_FILE to the path on the file system where the file exists.
When starting Retool, you can check the logs to verify the environment variables are set:
RETOOL-CONFIG: RETOOL_LOAD_FILE_SECRETS is true, reading the following secrets from the filesystem RETOOL-CONFIG: Setting ENCRYPTION_KEY via /path/to/key
If you don't see messages similar to this, see the troubleshooting section.
Retool supports managing your own secrets using environment variables prefixed with
RETOOL_EXPOSED. You can use the file system to manage these secrets too.
Instead of using the
RETOOL_EXPOSED prefix, use
RETOOL_FILE_EXPOSED. For example, if you want multiple resources to use your database password, set
RETOOL_FILE_EXPOSED_DB_PASSWORD to the path on the file system.
|This error means the path in the |
|This means the path provided in the |
This feature only works with the following environment variables:
Updated 10 months ago