Elgato_dark/ToolJet
1
0
Fork 0
mirror of https://github.com/ToolJet/ToolJet synced 2026-04-21 21:47:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
ToolJet/docs/versioned_docs/version-3.16.0-LTS/app-builder/custom-code/constants-secrets.md

58 lines
3.3 KiB
Markdown
Raw Normal View History

[docs]: LTS 3.16 Version
2025-08-04 06:49:49 +00:00
---
id: constants-secrets
title: Referencing Constants and Secrets
---
When building applications in ToolJet, you often need to reuse fixed values (such as URLs or environment flags) or securely handle sensitive information (such as API keys or database credentials). [Workspace Constants and Secrets](/docs/security/constants/) make this process easy, safe, and maintainable, especially when working across multiple apps or with larger teams.
In this guide, you'll learn how to use Workspace Constants and Secrets within your ToolJet apps.
You can create a global constant or secret directly from the ToolJet Dashboard. Once created, these constants and secrets can be referenced by builders within the app-builder.
<img className="screenshot-full img-full" style={{marginBottom:"15px"}} src="/img/security/constants/constants-secret/env-specific-const-v2.png" alt="CMS Page"/>
## Characteristics and Usage
Both constants and secrets allow you to store reusable values for your apps. However, they serve different purposes and have distinct characteristics as shown below:
| Characteristic | Global Constants | Secrets |
|-------------------------|:-----------------------------:|:-------------------------:|
| Components | ✅ | ❌ |
| Data Queries | ✅ | ✅ |
| Encrypted in DB | ✅ | ✅ |
| Masked in Frontend | ❌ | ✅ |
| Resolved on Client Side | ✅ | ❌ |
| Resolved on Server Side | ❌ | ✅ |
| Naming Convention | `{{constants.constant_name}}` | `{{secrets.secret_name}}` |
## Access Control
To maintain security and governance:
- Only Admins can create, edit, or delete Constants and Secrets.
- Builders can reference them in their applications but cannot modify them.
## Use Cases
### Reusable Values Across Apps with Global Constants
Imagine youre building an app that fetches product prices from an API. The base URL of your API is the same across multiple queries.
Instead of hard-coding this URL everywhere, define a Global Constant. Now, if the base URL ever changes, you only need to update it in one place, reducing errors and improving maintainability.
- Name: `API_BASE_URL`
- Value: `https://api.example.com/v1`
You can now reference it in your queries or custom code:
<img className="screenshot-full img-l" style={{marginBottom:"15px"}} src="/img/app-builder/custom-code/constants_usecase.png" alt="constant usecase"/>
### Handling Sensitive Credentials with Secrets
Lets say your application uses a third-party service such as OpenAI that requires an API key. Storing this key directly in queries or code isnt a good practice. Instead, define a Secret:
- Name: `OPENAI_API_KEY`
- Value: `sk_****************`
<img className="screenshot-full img-l" style={{marginBottom:"15px"}} src="/img/app-builder/custom-code/secret_usecase.png" alt="secret usecase"/>
Secrets are encrypted and can only be accessed within queries and data sources. They are not accessible in components, ensuring your credentials remain secure.
Reference in a new issue Copy permalink