Developer Q&A Forum
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Securely pass credentials to app functions?

Dimitris_G-K
Newcomer_

I'm building a Dynatrace app that includes a backend function which calls the Account Management API to fetch the DPS rate card. The function needs three credentials: `CLIENT_ID`, `CLIENT_SECRET`, and `ACCOUNT_URN`.  I have tried with .env file (`dt-app` does not load it at runtime, the variables come back empty ), also with  adding a `function.env`  block to `app.config.json` (`CliOptions`reject it) and lastly the one that is working, hardcoding the values directly in the function file and adding it to `.gitignore`of course.

Is there an officially supported way to inject environment variables into Dynatrace app functions at deploy time, without hardcoding them in the source code?

Thanks a lot!

2 REPLIES 2

DanielS
DynaMight Guru
DynaMight Guru

Hello @Dimitris_G-K you could define a settings schema.

Look for Use Secrets section.

{
  "dynatrace": "1",
  "schemaId": "my-example-secrets",
  "version": "1.0.0",
  "displayName": "Allows you to configure connections to a fictional messaging service",
  "description": "",
  "multiObject": true,
  "maxObjects": 10,
  "maturity": "GENERAL_AVAILABILITY",
  "summaryPattern": "Messaging Service {url}",
  "ordered": false,
  "properties": {
    "isEnabled": {
      "displayName": "Enabled",
      "description": "Enable the integration of the messaging service",
      "type": "boolean",
      "default": false,
      "nullable": false
    },
    "description": {
      "displayName": "Description of the connection",
      "type": "text",
      "default": "",
      "nullable": false
    },
    "url": {
      "displayName": "URL",
      "description": "The URL of the messaging service",
      "type": "text",
      "default": "",
      "nullable": false,
      "forceSecretResubmission": true,
      "constraints": [
        {
          "type": "PATTERN",
          "customMessage": "The URL must be secure (https://) and must not contain a trailing slash",
          "pattern": "^https://.*[^/]$"
        }
      ]
    },
    "token": {
      "displayName": "Token",
      "description": "A secret token",
      "type": "secret",
      "default": "",
      "nullable": false
    }
  },
  "constraints": [
    {
      "type": "SECRET_RESUBMISSION",
      "customMessage": "For security reasons, please re-enter the token before saving the settings.",
      "checkAllProperties": false
    }
  ]
}
Dynatrace Certified Professional @ www.dosbyte.com

Thank you very much, I'll check it out!

Featured Posts