domino logo
Tech Ecosystem
Get started with Python
Step 0: Orient yourself to DominoStep 1: Create a projectStep 2: Configure your projectStep 3: Start a workspaceStep 4: Get your files and dataStep 5: Develop your modelStep 6: Clean up WorkspacesStep 7: Deploy your model
Get started with R
Step 0: Orient yourself to Domino (R Tutorial)Step 1: Create a projectStep 2: Configure your projectStep 3: Start a workspaceStep 4: Get your files and dataStep 5: Develop your modelStep 6: Clean up WorkspacesStep 7: Deploy your model
Get Started with MATLAB
Step 1: Orient yourself to DominoStep 2: Create a Domino ProjectStep 3: Configure Your Domino ProjectStep 4: Start a MATLAB WorkspaceStep 5: Fetch and Save Your DataStep 6: Develop Your ModelStep 7: Clean Up Your Workspace
Step 8: Deploy Your Model
Scheduled JobsLaunchers
Step 9: Working with Domino Datasets
Domino Reference
Projects
Projects Overview
Revert Projects and Files
Revert a ProjectRevert a File
Projects PortfolioProject Goals in Domino 4+Jira Integration in DominoUpload Files to Domino using your BrowserFork and Merge ProjectsSearchSharing and CollaborationCommentsDomino Service FilesystemCompare File RevisionsArchive a Project
Advanced Project Settings
Project DependenciesProject TagsRename a ProjectSet up your Project to Ignore FilesUpload files larger than 550MBExporting Files as a Python or R PackageTransfer Project Ownership
Domino Runs
JobsDiagnostic Statistics with dominostats.jsonNotificationsResultsRun Comparison
Advanced Options for Domino Runs
Run StatesDomino Environment VariablesEnvironment Variables for Secure Credential StorageUse Apache Airflow with Domino
Scheduled Jobs
Domino Workspaces
WorkspacesUse Git in Your WorkspaceUse Visual Studio Code in Domino WorkspacesPersist RStudio PreferencesAccess Multiple Hosted Applications in one Workspace Session
Spark on Domino
On-Demand Spark
On-Demand Spark OverviewValidated Spark VersionConfigure PrerequisitesWork with your ClusterManage DependenciesWork with Data
External Hadoop and Spark
Hadoop and Spark OverviewConnect to a Cloudera CDH5 cluster from DominoConnect to a Hortonworks cluster from DominoConnect to a MapR cluster from DominoConnect to an Amazon EMR cluster from DominoRun Local Spark on a Domino ExecutorUse PySpark in Jupyter WorkspacesKerberos Authentication
Customize the Domino Software Environment
Environment ManagementDomino Standard EnvironmentsInstall Packages and DependenciesAdd Workspace IDEs
Partner Environments for Domino
Use MATLAB as a WorkspaceCreate a SAS Data Science Workspace EnvironmentNVIDIA NGC Containers
Advanced Options for Domino Software Environment
Install Custom Packages in Domino with Git IntegrationAdd Custom DNS Servers to Your Domino EnvironmentConfigure a Compute Environment to User Private Cran/Conda/PyPi MirrorsScala notebooksUse TensorBoard in Jupyter Workspaces
Publish your Work
Publish a Model API
Model Publishing OverviewModel Invocation SettingsModel Access and CollaborationModel Deployment ConfigurationPromote Projects to ProductionExport Model Image
Publish a Web Application
App Publishing OverviewGet Started with DashGet Started with ShinyGet Started with FlaskContent Security Policies for Web Apps
Advanced Web Application Settings in Domino
App Scaling and PerformanceHost HTML Pages from DominoHow to Get the Domino Username of an App Viewer
Launchers
Launchers OverviewAdvanced Launcher Editor
Assets Portfolio Overview
Connect to your Data
Domino Datasets
Datasets OverviewDatasets Best PracticesAbout domino.yamlDatasets Advanced Mode TutorialDatasets Scratch SpacesConvert Legacy Data Sets to Domino Datasets
Data Sources Overview
Connect to Data Sources
External Data Volumes
Git and Domino
Git Repositories in DominoWork From a Commit ID in Git
Work with Data Best Practices
Work with Big Data in DominoWork with Lots of FilesMove Data Over a Network
Advanced User Configuration Settings
User API KeysDomino TokenOrganizations Overview
Use the Domino Command Line Interface (CLI)
Install the Domino Command Line (CLI)Domino CLI ReferenceDownload Files with the CLIForce-Restore a Local ProjectMove a Project Between Domino DeploymentsUse the Domino CLI Behind a Proxy
Browser Support
Get Help with Domino
Additional ResourcesGet Domino VersionContact Domino Technical SupportSupport Bundles
domino logo
About Domino
Domino Data LabKnowledge BaseData Science BlogTraining
User Guide
>
Domino Reference
>
Domino Runs
>
Advanced Options for Domino Runs
>
Environment Variables for Secure Credential Storage

Environment Variables for Secure Credential Storage

Domino’s environment variables give you a safe and easy way to inject sensitive configuration into the execution of your analysis or models.

Environment variables are stored securely. They can only be modified by the owners of the project or the editors of a model. They are not tied to the version history of your project or model, so they can easily be revoked.

Why use environment variables for configuration?

Your code might have to connect to external resources, like a database or S3. Often these connections are authenticated through a secure password, key, or token. Do not include this type of secure configuration directly in your source because:

  • You might want to share source files but not the credentials.

  • It’s difficult to scrub references to those credentials from a version control system like Git or Domino.

  • You might want only a more privileged user (like the project owner) to change certain configuration parameters. If configuration is all done through code, then all users that can modify the scripts can change the configuration.

Domino recommends that you store your configuration and permission separately, and have it injected when your code executes.

Set up project environment variables

Use environment variables to set up the secure configuration to be injected when the project executes.

Note
To set this up:
  1. Go to the Settings tab on the project.

  2. In the Environment variables section, add the key/value pairs that will be injected as environment variables:

    config

    The values are passed verbatim, so escaping is not required. The value has a 64K length limit.

Note

Set up user environment variables

You can also configure environment variables on a per-user basis. The system injects these variables at execution time for any run that the user starts.

User Environment variables are automatically imported into runs across all projects, and can be accessed like any other Environment Variables. User-specific environment variables are not used or available in models.

Configure your user environment variables:
  1. Click your username and then select Account Settings to open the Account Settings page.

  2. Go to the User environment variables section.

  3. Configure variables for your user account in the same way as project environment variables (described previously).

Set up model environment variables

Use environment variables to set up your secure configuration to be injected at execution.

Note
  1. Go to the Settings tab on the model to configure.

  2. In the Environment section, add key/value pairs that will be injected as environment variables at execution.

The values are passed verbatim, so no escaping is required. The value has a 64K length limit.

When you add a variable the values are pushed to all running model versions.

Project level and user level environment variables are not used in Models and must be set separately on the model.

Connect to Git repositories

If you’re using a user level environment variable to connect to Github and download repositories, you must add the following into your environment definition:

RUN pip install git+https://personalaccesstoken:personalaccesstoken@github.com/<repo>

Using Environment Variables in Pre- or Post-setup Scripts of your Environment

If you want to reference custom-defined environment variables in the pre- or post-setup script of your custom compute environment, you’ll need to make sure the variable name has the prefix DRT\_.

Hierarchy of environment variables

You can set the same variable in different places. Each level overrides the previous one in the following order:

  • Compute environment

  • Project

  • User Account

The following shows an example for how a variable’s values can be set and the expected result:

Place set

Run#1

Run#2

Run#3

Compute Environment

A

A

A

Project

-

B

B

User Account

-

-

C

Run Result

A

B

C

Read the environment variables

Every language has its own way of reading environment variables. In Python, it might look like this:

import os
s3 = S3Client(os.environ['S3_KEY'], os.environ['S3_SECRET'])

For more details, see Python help.

In R, it might look like this:

makeS3Client(Sys.getenv("S3_KEY"), Sys.getenv("S3_SECRET"))

For more details, see R help.

Domino Data LabKnowledge BaseData Science BlogTraining
Copyright © 2022 Domino Data Lab. All rights reserved.