Storing authentication tokens

duncanm · October 31, 2022, 9:55am

We've been creating resources in Retool with no problem. However most of the integrations we're setting up just use an authorization token in the header.

It's not very clear how to store these securely. Currently we're putting them in the header in the query set-up but this is available in plain text.

I've tried looking at custom auth and variables there but it seems to be the same story. You can set the token as a variable but it's still available in plain text.

Had a look here and didn't see much either: Custom API authentication

How can we store this type of auth tokens securely?

Kabirdas · November 9, 2022, 3:47am

Hey @duncanm!

We're currently developing a feature to allow you to be able to store sanitized instance-wide variables. It isn't currently in public beta but if you reach out to us directly (e.g. via in-app chat) we'll see if we can turn the experimental feature flag on for you!

duncanm · November 14, 2022, 3:02pm

Thanks, I'll do that

VM_Tech · May 4, 2023, 9:52am

Is this open to GA or still in beta?
How can we get this feature added to our account.

Serge · August 2, 2023, 5:48pm

Is this feature available on self-hosted instances?

Kabirdas · August 11, 2023, 3:57am

Yes! Configuration Variables are now out of beta and are publicly available for orgs on the Team, Business, or Enteprise plans using version 3.4.0 or higher. You can read more about the feature on our new docs page!

Topic		Replies	Views
Possible to hide API keys in REST query? 💬 Queries and Resources	8	1513	December 14, 2023
Storing tokens in custom auth 💬 Queries and Resources	11	3493	June 26, 2023
Custom Auth Flow variable storage and lifetime 💬 Queries and Resources welcoming-replies	2	124	September 30, 2024
How to hide Bearer Tokens from other Retool users? 💬 Queries and Resources	5	1361	May 23, 2024
Variable tokens for GraphQL resources 💬 Queries and Resources	2	1141	August 2, 2023

Storing authentication tokens

Related topics