Referencing Constants and Secrets
When building applications in ToolJet, you often need to reuse fixed values (such as URLs or environment flags) or securely handle sensitive information (such as API keys or database credentials). Workspace Constants and Secrets make this process easy, safe, and maintainable, especially when working across multiple apps or with larger teams.
In this guide, you'll learn how to use Workspace Constants and Secrets within your ToolJet apps.
You can create a global constant or secret directly from the ToolJet Dashboard. Once created, these constants and secrets can be referenced by builders within the app-builder.
Characteristics and Usageβ
Both constants and secrets allow you to store reusable values for your apps. However, they serve different purposes and have distinct characteristics as shown below:
| Characteristic | Global Constants | Secrets |
|---|---|---|
| Components | β | β |
| Data Queries | β | β |
| Encrypted in DB | β | β |
| Masked in Frontend | β | β |
| Resolved on Client Side | β | β |
| Resolved on Server Side | β | β |
| Naming Convention | {{constants.constant_name}} | {{secrets.secret_name}} |
Access Controlβ
To maintain security and governance:
- Only Admins can create, edit, or delete Constants and Secrets.
- Builders can reference them in their applications but cannot modify them.
Use Casesβ
Reusable Values Across Apps with Global Constantsβ
Imagine youβre building an app that fetches product prices from an API. The base URL of your API is the same across multiple queries.
Instead of hard-coding this URL everywhere, define a Global Constant. Now, if the base URL ever changes, you only need to update it in one place, reducing errors and improving maintainability.
- Name:
API_BASE_URL - Value:
https://api.example.com/v1
You can now reference it in your queries or custom code:
Handling Sensitive Credentials with Secretsβ
Letβs say your application uses a third-party service such as OpenAI that requires an API key. Storing this key directly in queries or code isnβt a good practice. Instead, define a Secret:
- Name:
OPENAI_API_KEY - Value:
sk_****************
Secrets are encrypted and can only be accessed within queries and data sources. They are not accessible in components, ensuring your credentials remain secure.