Possible to hide API keys in REST query?

I want to add a REST call to the query library but the call requires an API key entered as a parameter. Is there any way to hide this so others with access to the query library can't see the API key?

Hey @hanni, are you running on-prem or cloud?

You can add environment variables but they're only accessible on a self-hosted retool instance

@minijohn thanks for the response, unfortunately I'm on the cloud (for now)

Hey @hanni

Unfortunately, there isn't a built-in way to do this with Retool at the moment but we are looking to add functionality that would allow it!

Has the above requested functionality been added?

Hey @Yash_Meduri!

This is still in progress, at the moment there isn't an option to sanitize certain REST headers in the preview of the request itself.

However, there is a feature to allow you to be able to store sanitized instance-wide variables that are accessible in the resource editor. It isn't currently in public beta but if you reach out to us directly (e.g. via in-app chat) we'll see if we can turn the experimental feature flag on for you!

Hey @Kabirdas, I messaged directly via in-app chat. It'll be great if you could turn on the experimental feature for me. It would mean a lot. Thanks a ton in advance.

Hey folks!

Just a quick update here that Retool now supports sanitizing custom headers with a new option on your resource configuration screen:

Configuration variables are now also publicly available as part of work the dev team has done around better secrets management(docs)!