Enterprise Deployment Guide

Manage credentials securely using environment variables in CE or workspace-level secrets in Enterprise.

Edit this page on GitHub

Secret Management

Data Generators and custom proxy apps often need credentials to access cloud APIs or external systems.

Environment Variables

Community Edition (rescile-ce) resolves ${env.SECRET_NAME} directly from the host system’s environment variables. Ensure these are securely injected via your CI runner or secret manager (e.g., HashiCorp Vault, AWS Secrets Manager).

Enterprise Workspace Secrets

In the Enterprise Edition (rescile-portal), secrets are managed securely at the workspace level. The platform securely injects them into the execution sandbox.

Always use template expansion to pass secrets as arguments to generators rather than hardcoding them in TOML files:

[generators.discovery]
env = ["API_TOKEN={{ env.MY_SECRET_TOKEN }}"]