Passing external credentials at runtime
If you use a secrets store like HashiCorp Vault or AWS Secrets Manager, store credentials in a database, or use a service like Nango to manage auth, you can retrieve these secrets at runtime and pass them to any step.
There are two ways to pass external auth at runtime:
Most steps require additional, user-specific configuration. For example, the Slack Send a Message action requires a Channel ID, which may be specific to the end user’s workspace. You’ll need to fetch these values from another step and reference them here.
Most steps require additional, user-specific configuration. For example, the Slack Send a Message action requires a Channel ID, which may be specific to the end user’s workspace. You’ll need to fetch these values from another step and reference them here.
- Pass it in an HTTP request
- Fetch credentials from a DB or secrets store within a workflow step
Passing external credentials at runtime is a feature that’s available to customers on the Business plan. If you have a use case that you’d like to discuss, we’d love to hear about it!
Pass credentials via HTTP
- If not already configured, add an HTTP trigger to your workflow.
- From your app, retrieve credentials and send them in an HTTP request to the endpoint with the rest of the payload.
- In the step of your workflow where you’d like to pass these credentials, select the Use external authentication option at the bottom-right of the account selector:
- You’ll be prompted for all required credentials for the app, often just an
oauth_access_tokenorapi_key. Find the variable that contains your credentials and pass them to each field:
Most steps require additional, user-specific configuration. For example, the Slack Send a Message action requires a Channel ID, which may be specific to the end user’s workspace. You’ll need to fetch these values from another step and reference them here.
Default loggingWhen you return credentials from workflow steps, Pipedream stores it with the rest of the workflow execution data. Workflow events are retained according to the default retention policy for your plan and any data retention controls you’ve configured.You can set the
pd-nostore flag to 1 on requests with credentials to disable logging for those requests only.Fetch credentials from a DB or secrets store
- Add a step to your workflow to fetch credentials from your DB or secrets store.
- In the step of your workflow where you’d like to pass these credentials, select the Use external authentication option at the bottom-right of the account selector:
- You’ll be prompted for all required credentials for the app, often just an
oauth_access_tokenorapi_key. Find the variable that contains your credentials and pass them to each field:
Most steps require additional, user-specific configuration. For example, the Slack Send a Message action requires a Channel ID, which may be specific to the end user’s workspace. You’ll need to fetch these values from another step and reference them here.
Default loggingWhen you return credentials from workflow steps, Pipedream stores it with the rest of the workflow execution data. Workflow events are retained according to the default retention policy for your plan and any data retention controls you’ve configured.You can set the
pd-nostore flag to 1 on requests with credentials to disable logging for those requests only.