Custom Auth Query and Security - Advice Needed

  • Goal: To authorize against an OAuth gateway using a single service account which will be shared across all use cases. The grant_type will be password and a clientid/secret will be used. Also want to make sure the authorization body is secure. Suspect I need to use a Custom authorization workflow to achieve this but I may be wrong?

  • Steps: Created a custom auth workflow and this is returning the bearer token I need, which I'm writing to a magic variable and using down the line. However, I noticed that the creds appear in clear-text and I don't feel this is very secure (most other Retool Resource setups obfuscate the sensitive details from the end user). Image below shows what I mean (blurred for obvs reasons). Would like to at least be able to secure the client_secret.

  • Screenshots:

Any advice and suggestions welcomed!

TIA,
Dave

Hi @dcsearle, you can secure your secrets using the config variables feature. See the doc "Manage Configuration Variables | Retool Docs".

Thanks Harry, I'll take a look into that and see if it fits 🙂