Variables and Secrets
Introduction
Centralized configuration and management of environment variables and secrets for sensitive data storage, configuration data reuse, and environment configuration isolation.
Differences from .env
| Feature | .env File | Dynamically Configured Variables and Secrets |
|---|---|---|
| Storage Location | Stored in the .env file in the project root directory | Stored in the environmentVariables table in the database |
| Loading Method | Loaded into process.env using tools like dotenv during application startup | Dynamically read and loaded into app.environment during application startup |
| Modification Method | Requires direct file editing, and the application needs to be restarted for changes to take effect | Supports runtime modification, changes take effect immediately after reloading the application configuration |
| Environment Isolation | Each environment (development, testing, production) requires separate maintenance of .env files | Each environment (development, testing, production) requires separate maintenance of data in the environmentVariables table |
| Applicable Scenarios | Suitable for fixed static configurations, such as main database information for the application | Suitable for dynamic configurations that require frequent adjustments or are tied to business logic, such as external databases, file storage information, etc. |
Installation
Built-in plugin, no separate installation required.
Usage
Configuration Data Reuse
For example, if multiple places in the workflow require email nodes and SMTP configuration, the common SMTP configuration can be stored in environment variables.
Sensitive Data Storage
Storage of various external database configuration information, cloud file storage keys, etc.
Environment Configuration Isolation
In different environments such as development, testing, and production, independent configuration management strategies are used to ensure that the configurations and data of each environment do not interfere with each other. Each environment has its own independent settings, variables, and resources, which avoids conflicts between development, testing, and production environments and ensures that the system runs as expected in each environment.
For example, the configuration for file storage services may differ between development and production environments, as shown below:
Development Environment
Production Environment
Environment Variable Management
Adding Environment Variables
- Supports single and batch addition
- Supports plaintext and encrypted storage
Single Addition
Batch Addition
Notes
Restarting the Application
After modifying or deleting environment variables, a prompt to restart the application will appear at the top. Changes to environment variables will only take effect after the application is restarted.
Encrypted Storage
Encrypted data for environment variables uses AES symmetric encryption. The PRIVATE KEY for encryption and decryption is stored in the storage directory. Please keep it safe; if lost or overwritten, the encrypted data cannot be decrypted.
Currently Supported Plugins for Environment Variables
Action: Custom Request
Auth: CAS
Auth: DingTalk
Auth: LDAP
Auth: OIDC
Auth: SAML
Auth: WeCom
Data Source: External MariaDB
Data Source: External MySQL
Data Source: External Oracle
Data Source: External PostgreSQL
Data Source: External SQL Server
Data Source: KingbaseES
Data Source: REST API
File Storage: Local
File Storage: Aliyun OSS
File Storage: Amazon S3
File Storage: Tencent COS
File Storage: S3 Pro
Not adapted
Map: AMap
Map: Google
Email Settings
Not adapted
Notification: Email
Public Forms
System Settings
Verification: Aliyun SMS
Verification: Tencent SMS
Workflow
