Variables and Secrets

Introduction

Centralized configuration and management of environment variables and secrets for sensitive data storage, configuration data reuse, and environment configuration isolation.

Differences from `.env`

Feature	`.env` File	Dynamically Configured Variables and Secrets
Storage Location	Stored in the `.env` file in the project root directory	Stored in the `environmentVariables` table in the database
Loading Method	Loaded into `process.env` using tools like `dotenv` during application startup	Dynamically read and loaded into `app.environment` during application startup
Modification Method	Requires direct file editing, and the application needs to be restarted for changes to take effect	Supports runtime modification, changes take effect immediately after reloading the application configuration
Environment Isolation	Each environment (development, testing, production) requires separate maintenance of `.env` files	Each environment (development, testing, production) requires separate maintenance of data in the `environmentVariables` table
Applicable Scenarios	Suitable for fixed static configurations, such as main database information for the application	Suitable for dynamic configurations that require frequent adjustments or are tied to business logic, such as external databases, file storage information, etc.

Installation

Built-in plugin, no separate installation required.

Usage

Configuration Data Reuse

For example, if multiple places in the workflow require email nodes and SMTP configuration, the common SMTP configuration can be stored in environment variables.

20250102181045

Sensitive Data Storage

Storage of various external database configuration information, cloud file storage keys, etc.

20250102103513

Environment Configuration Isolation

In different environments such as development, testing, and production, independent configuration management strategies are used to ensure that the configurations and data of each environment do not interfere with each other. Each environment has its own independent settings, variables, and resources, which avoids conflicts between development, testing, and production environments and ensures that the system runs as expected in each environment.

For example, the configuration for file storage services may differ between development and production environments, as shown below:

Development Environment

FILE_STORAGE_OSS_BASE_URL=dev-storage.nocobase.com
FILE_STORAGE_OSS_BUCKET=dev-storage

Production Environment

FILE_STORAGE_OSS_BASE_URL=prod-storage.nocobase.com
FILE_STORAGE_OSS_BUCKET=prod-storage

Environment Variable Management

20250102155314

Adding Environment Variables

Supports single and batch addition
Supports plaintext and encrypted storage

20250102155509

Single Addition

20250102155731

Batch Addition

20250102155258

Notes

Restarting the Application

After modifying or deleting environment variables, a prompt to restart the application will appear at the top. Changes to environment variables will only take effect after the application is restarted.

20250102155007

Encrypted Storage

Encrypted data for environment variables uses AES symmetric encryption. The PRIVATE KEY for encryption and decryption is stored in the storage directory. Please keep it safe; if lost or overwritten, the encrypted data cannot be decrypted.

./storage/environment-variables/<app-name>/aes_key.dat

Currently Supported Plugins for Environment Variables

Action: Custom Request

20250102180751

Auth: CAS

20250102160129

Auth: DingTalk

20250102160205

Auth: LDAP

20250102160312

Auth: OIDC

20250102160426

Auth: SAML

20250102160652

Auth: WeCom

20250102160758

Data Source: External MariaDB

20250102160935

Data Source: External MySQL

20250102173602

Data Source: External Oracle

20250102174153

Data Source: External PostgreSQL

20250102175630

Data Source: External SQL Server

20250102175814

Data Source: KingbaseES

20250102175951

Data Source: REST API

20250102180109

File Storage: Local

20250102161114

File Storage: Aliyun OSS

20250102161404

File Storage: Amazon S3

20250102163730

File Storage: Tencent COS

20250102173109

File Storage: S3 Pro

Not adapted

Map: AMap

20250102163803

Map: Google

20250102171524

Email Settings

Not adapted

Notification: Email

20250102164059

Public Forms

20250102163849

System Settings

20250102164139

Verification: Aliyun SMS

20250102164247

Verification: Tencent SMS

20250102165814

Workflow

20250102180537

#Variables and Secrets

#Introduction

#Differences from .env

#Installation

#Usage

#Configuration Data Reuse

#Sensitive Data Storage

#Environment Configuration Isolation

#Environment Variable Management

#Adding Environment Variables

#Notes

#Restarting the Application

#Encrypted Storage

#Currently Supported Plugins for Environment Variables

#Action: Custom Request

#Auth: CAS

#Auth: DingTalk

#Auth: LDAP

#Auth: OIDC

#Auth: SAML

#Auth: WeCom

#Data Source: External MariaDB

#Data Source: External MySQL

#Data Source: External Oracle

#Data Source: External PostgreSQL

#Data Source: External SQL Server

#Data Source: KingbaseES

#Data Source: REST API

#File Storage: Local

#File Storage: Aliyun OSS

#File Storage: Amazon S3

#File Storage: Tencent COS

#File Storage: S3 Pro

#Map: AMap

#Map: Google

#Email Settings

#Notification: Email

#Public Forms

#System Settings

#Verification: Aliyun SMS

#Verification: Tencent SMS

#Workflow