Configure Source Control with GitHub

Learn how to set up Source Control for Self-hosted Retool with GitHub.


Source Control is only available to Enterprise users running Self-hosted Retool. You can book a demo with our Sales team to learn more about self-hosting Retool.

You can use Source Control with GitHub to manage changes using pull requests. You create a repository for Source Control to use, then configure a GitHub App for your Retool instance that commits, pushes, and pulls changes.

1. Create a Git repository


Do not use an existing Git repository

Source Control does not work with an existing Git Syncing repository.

First, create a new repository for Source Control. Ensure it contains a file and a main branch. Source Control uses this repository to store and track all changes.

2. Create and install a GitHub App

Create a GitHub App with the following settings. Refer to GitHub's guide for more information.

GitHub App nameThe name of your GitHub App.
Homepage URLThe URL of your GitHub App. This field is unused by Retool.
Expire user authorization tokensUnchecked
Request user authorization (OAuth) during installationUnchecked
Webhook > ActiveUnchecked
Permissions > ContentsRead and write
Permissions > Pull requestsRead and write
Where can this GitHub App be installed?Only on this account

Install the GitHub App

After you create your GitHub App, it should appear in the GitHub Apps section of your Developer Settings.

To install your GitHub App:

  1. Click Edit next to your app to see its settings.
  2. Click on Install App.
  3. Click the Install button next to your organization.
  4. Choose the Only select repositories option and select the repository created in the first section.
  5. You’ll be redirected to the installation page. The number at the end of the URL is the installation ID. Save this for later.

Installation screen

Save the app owner and app ID

On the same page, click on App settings underneath the GitHub App name. Save the Owned by and App ID fields for later.

Installation: About page

3. Generate a private key

  1. Navigate to the Private Keys section and click Generate a private key.
  2. Download and save the .pem key. The filename should use the format {github-app-name}.YYYY-MM-DD.private-key.pem.
  3. Base64-encode the contents of the file to use when configuring your instance. If you use Kubernetes Secrets, you must base64-encode this value twice.
base64 path/to/{github-app-name}.YYYY-MM-DD.private-key.pem > github-private-key.txt

4. Configure settings in Retool

Retool uses the information you've obtained to authenticate as your GitHub App. Set the following environment variables on the api and jobs-runner containers and then restart your containers.

GITHUB_APP_INSTALLATION_IDThe GitHub installation ID. This can be found at the end of the installation URL.GITHUB_APP_INSTALLATION_ID=123456
GITHUB_APP_PRIVATE_KEYThe base64-encoded private key.GITHUB_APP_PRIVATE_KEY=xxxxx

Deployments using self-hosted Retool v2.91 or above can optionally prevent the instance from pushing changes to GitHub. To lock version control, set the VERSION_CONTROL_LOCKED environment variable to true. This is useful for creating a "read-only" production instance of Retool.

Configure the GitHub repository

The GitHub repository configuration location differs based on the version of Self-hosted Retool you use.

Retool v2.97 and later

First, go to the Source Control tab in organization settings to configure the SCM provider.

Source control set up

Next, click Set up GitHub and enter the settings for the repository you created at the beginning of this guide. Refer to the GitHub settings section for details about these settings.

Set up GitHub

Retool v2.96 and earlier

Go the Advanced tab in organization settings. The Source Control Settings section should now be editable.

Enter the settings for the repository you created at the beginning of this guide. Refer to the GitHub settings section for details about these settings.

GitHub settings

GitHub ownerYesThe username or organization who owns the GitHub App, without the @ prefix, e.g., tryretool.
GitHub repositoryYesThe name of the repository you created to use with Retool.
GitHub branchYesThe default branch, e.g., main.
GitHub Enterprise URLNoThe domain used to access your self-hosted GitHub instance.
GitHub Enterprise API URLNoThe REST API route for your self-hosted GitHub instance. Defaults to https://[hostname]/api/v3.


The following errors are issues common to Source Control with GitHub. Refer to the guide to resolve common Source Control issues to learn about other common errors.

Internal Server Error

If the system time on the machine that Retool is running on is out of sync or has "drifted," Retool can have trouble authenticating with the GitHub API.

If you see 500 Internal Server Error when making a commit on a branch, or see errors such as 'Issued at' claim ('iat') must be an Integer representing the time that the assertion was issued in Retool API server logs, check that the system time where the Retool image is running is accurate. Restarting the system can solve this issue.

Cookies must be enabled to use GitHub

This error occurs when the GitHub Enterprise API URL provided is not an API route. Check the URL provided and confirm that it is a GitHub API route.

Unable to access GitHub

If your Retool instance is behind a firewall and cannot access the GitHub API, add to your allowlist to enable outbound requests.