Hey @summer
Thank you for reaching out to the Retool community. Let me address each of your questions below.
1. License Key — Using it on both environments during migration
Yes, this is fully supported. There is no limit to the number of separately deployed instances you can spin up with a single license key. Users are de-duplicated by email address, so running both environments simultaneously during your 1–2 day migration window will not affect your user count or licensing.
2. ENCRYPTION_KEY and JWT_SECRET
-
ENCRYPTION_KEY— Must remain the same. This key encrypts sensitive data in the PostgreSQL database (e.g., resource credentials, SSH keys). Per the docs: "If you change this key, you will lose access to all resources that were created before the change". Since you're restoring a snapshot of the existing database, the new environment must use the exact sameENCRYPTION_KEYto decrypt stored credentials. -
JWT_SECRET— Should remain the same. This key signs authentication tokens. If changed, all active user login sessions are invalidated. Keeping it the same allows users to remain logged in during cutover. Changing it won't cause data loss but will force all users to re-authenticate.
3. Additional considerations
-
Keep the same Retool version (3.52.3) on the new K8s deployment initially. This avoids introducing database migration changes during the infrastructure move. Upgrade after confirming the new environment is stable.
-
Keep the same PostgreSQL version on the new database to reduce the risk of unforeseen issues. You can upgrade PostgreSQL separately after the migration is validated.
-
Retool Database (if applicable): If you use Retool Database, it is separate from the platform database and requires its own migration and configuration via the
RETOOLDB_POSTGRES_*environment variables. -
Carry over all environment variables: Beyond
ENCRYPTION_KEYandJWT_SECRET, ensure all other env vars from your Docker setup ( SSO, custom domains, cookie settings, source control, etc ) are replicated in your K8s Helmvalues.yamlor Kubernetes secrets.
Please let us know if you have any follow-up questions! I would be happy to help further.
Regards,
John | Retool Support