Server Variables

Server variables serves two purposes, which often overlap:

• Centralize and re-use configuration in flows
• Keep secrets outside of flow definitions

Configuring server variables

Server variables are managed through the UI, via system/variables in the left navigation.

Variables are essentially a list of key-value items. Keys may contain between 1 and 255 alphanumeric characters, dashes or underscores. For example:

api_key
API-KEY
cluster07-username
cluster07-password
token63

Values are arbitrary strings, and descriptions are optional.

Secrets

If a variable is marked as a secret, its value cannot be obtained via the admin API (or UI). The values of secret variables are masked (*****) before they leave the API. Note that a secret variable can be changed to a non-secret variable, in which case it’s value will no longer be masked.

The values of server variables that are marked as secrets are not encrypted when stored in the database. While this behaviour may change in a future release, it would require the addition of key management to server configuration, which is not a trivial problem to handle securely. If the security of the database cannot be trusted in a particular deployment scenario, you should:

• Use a specialized secrets management system or service that provides an HTTP API.
• Retrieve secrets with a flow, for use on a temporary basis

Something like Vault is a good candidate.

Note

Server variables are available for use in flows. Flows can technically (and explicitly) be configured to expose this data outside of a Sirveo server. See the security reference for details on how to avoid doing this accidentally.

Accessing server variables in flows

Note

Flow variables were introduced in Sirveo 0.2.9, which changed the way in which server variables are made available to flows. See the 0.2.9 changelog for details.

To access a server variable in a flow, the flow must be configured with a corresponding flow variable. For a detailed example, see accessing server variables.