Use Domino’s environment variables to inject sensitive configuration into the execution of your analysis or models. Environment variables are stored securely.
Domino pulls environment variables from the following sources whenever it loads a run or workspace:
- User, project, and hardware information. These are stored in variables set by Domino automatically.
- Environment variables defined in the user profile of the user starting a run.
- Environment variables defined in the Hardware & Environment tab of the project settings.
You can use these environment variables to securely store keys and credentials that the project needs. The names of these variables must start with a letter, and contain only alphanumeric characters and underscores.
Only the owners of the project or the editors of a model can modify them. They are not tied to the version history of your project or model, so they can easily be revoked.
Your code might have to connect to external resources, like a database or S3. Often these connections are authenticated through a secure password, key, or token. Do not include this type of secure configuration directly in your source because:
- You might want to share source files, but not the credentials.
- It’s difficult to scrub references to those credentials from a version control system like Git or Domino.
- You might want to allow only a privileged user (like the project owner) to change certain configuration parameters.
If configuration is all done through code, then all users that can modify the scripts can change the configuration. Domino recommends that you store your configuration and permissions separately, and inject them when your code executes.
If you want to reference custom-defined environment variables in the pre- or post-setup script of your custom compute environment, the variable name must have the prefix `DRT_`.
You can set the same variable in different places. Each level overrides the previous one in the following order:
- Compute environment
- Project
- User Account
The following example shows how a variable’s value can be set and the expected result:
Where set | Run#1 | Run#2 | Run#3 |
---|---|---|---|
Compute Environment | A | A | A |
Project | - | B | B |
User Account | - | - | C |
Run Result | A | B | C |
Every language reads environment variables in its own way. In Python, it might look like this:
```python
import os

# S3Client stands in for whatever client class your code uses.
s3 = S3Client(os.environ['S3_KEY'], os.environ['S3_SECRET'])
```
For more details, see Python help.
In R, it might look like this:
```r
# makeS3Client stands in for your own client constructor.
makeS3Client(Sys.getenv("S3_KEY"), Sys.getenv("S3_SECRET"))
```
For more details, see R help.
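The following added example (not Domino's code) models the naming rule and override order described above, then reads required credentials so that a missing variable fails the run with an error that names the variable but never prints a value. The function names `valid_name`, `resolve`, and `require` are hypothetical, and the sample values are constructed.

```python
import os
import re

# Naming rule from this page: starts with a letter, then only
# alphanumeric characters and underscores.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*")


def valid_name(name):
    """Return True if `name` satisfies the naming rule above."""
    return NAME_RE.fullmatch(name) is not None


def resolve(compute_env, project, user):
    """Merge the three levels; later levels override earlier ones.

    A local model of the override order, not a Domino API.
    """
    merged = {}
    for level in (compute_env, project, user):
        for name, value in level.items():
            if not valid_name(name):
                raise ValueError(f"invalid variable name: {name!r}")
            merged[name] = value
    return merged


def require(names, env=None):
    """Return the requested variables, failing closed if any is missing or empty.

    The error lists names only, so secret values never reach logs.
    """
    env = os.environ if env is None else env
    missing = [n for n in names if not env.get(n)]
    if missing:
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    return {n: env[n] for n in names}


if __name__ == "__main__":
    # Constructed sample values mirroring Run#3 in the table above.
    run3 = resolve({"S3_KEY": "A"}, {"S3_KEY": "B"}, {"S3_KEY": "C"})
    print(run3["S3_KEY"])  # C
    try:
        require(["S3_KEY", "S3_SECRET"], env=run3)
    except RuntimeError as exc:
        print(exc)
```

Calling `require(["S3_KEY", "S3_SECRET"])` at the top of a script surfaces a revoked or unset credential before any connection attempt is made.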