Securely store and use a secret

Problem

You need to store a secret and access it securely without exposing it in the editor.

Solution

1. Browse to the Configuration tab in the Dynaboard editor
2. In the App Secrets panel, click the + button
3. Name your secret (e.g. MY_API_KEY) and enter the secret into the value field below
4. Your secret is now accessible in server-side resources using ${{ MY_API_KEY }}

Discussion

• Dynaboard stores your secret securely at rest using industry-standard practices with auditable access. However, your secrets are accessible to other developers on your app.
• Secrets can be accessed on any server-side resource, including REST API Resource headers. For example, to use your new secret as the Bearer Authorization header of HTTP requests for a resource:
  1. Create the REST API Resource
  2. Find the Default Headers panel and click the + button
  3. Give your header a name of Authorization
  4. Give your header a value of Bearer ${{ MY_API_KEY }}
• Secrets may also be used in TypeScript Server functions:

const myAPIKey = ${{ MY_API_KEY }}
const res = await fetch('https://httpbin.org/post', {
	method: 'POST',
  headers: {
		Authorization: 'Bearer ' + myAPIKey,
  }
})
 
const resBody = await res.json()
return resBody

• Secrets cannot be accessed from client-side code. For example, you cannot access secrets from the {{ bindings }} in UI components or in TypeScript Client functions.

See also

• Pass user input into a SQL query
• Pass user input into a REST API call
• Pass user input into a GraphQL API call