Restrict Access By Environment


We recently began experimenting with building with retool and I quickly ran into a security issue that I can't seem to get past.

Right now it seems access controls for retool plans only restrict based on application/component.

As things stand, I'm unable to task our developers with creating tooling in a develop environment without exposing sensitive keys/secrets that would be needed by our production internal tools.

If possible, it would be extremely useful to restrict access to environments as well. Doing so would allow us to build our applications in a "least-knowledge-needed" paradigm, which ultimately will be required for us to continue to build with retool.

1 Like

Retool allows access per environment and also at the query level. Have you read through the docs? What exactly are you trying to accomplish? This has been brought up several times in the forum. Also, if you can’t find info based on what you are trying to achieve, reach out to support. Are you on cloud or self hosted?

Hey @ScottR, we're currently on the cloud option.

I was told to post this feature request here by the support team as they told me that access restriction by environment was not possible.

What I'm trying to accomplish:

  • We have API servers that our org runs which can be accessed by providing an auth header along with the request.
  • I would like to create internal tooling which can access these Rest API endpoints with retool
  • I would like to give certain developers access to create these tools, but restrict them to only have access to the "develop / staging" environment variables in retool

Hey @pinatamatt,

Engineer here from Retool who worked on the environments feature.

Thanks for posting this and sharing your feedback! We've been seeing a lot of requests for assigning access to environments based on permission groups and it's something that is on our roadmap! We'll keep this thread updated as we make progress.



@mokshjawa thanks for the update. Do you have any ideas on roadmap timelines for this?