Store secrets

Secrets should not be stored in the extension code but should be handled via the extension settings.

Example

Imagine you are building an extension with a 3rd party. As is common in many applications, your extension might require authentication with the third-party API. However, you want to ensure that users who install the extension can easily configure their own API key without hardcoding it into the extension's code or relying on environment variables.

To achieve this, you can use the extension settings to provide a user-friendly way for extension users to set their API key during the installation process.

Extension settings

typescript
Copy
01// Define extension settings
02const mySettings = {
03  apiKey: {
04    label: 'API Key',
05    key: 'apiKey',
06    obfuscated: true, // set this to true when settings store sensitive data
07    required: true,
08  },
09} satisfies Record<string, Setting>
10
11// Export extension with settings
12const yourExtension: Extension = {
13  ...,
14  settings: mySettings,
15}

Accessing settings values

The extension settings are accessible from within any part of your extension's code (e.g. when writing a custom action), enabling you to retrieve the user's provided value for the secret/setting.

typescript
Copy
01export const yourCustomAction: Action<typeof fields, typeof settings> = {
02  ...,
03  onActivityCreated: async (payload, onComplete) => {
04    // Fetch the settings
05    const { settings } = payload
06
07    console.log('API Key inserted by the user: ' + settings.apiKey)
08
09    // Handle the action
10
11    await onComplete()
12  },
13}