NUVOLOS
Sign In
  • Getting Started
    • Introduction to Nuvolos
    • Documentation structure
    • Nuvolos basic concepts
      • Organisational hierarchy
      • Applications
      • Distribution
      • Data integration
      • Snapshots
      • Background tasks
    • Navigate in Nuvolos
    • Quickstart tutorials
      • Research
      • Education (instructor)
      • Education (student)
  • Features
    • Applications
      • Application resources
      • Sessions
        • Session Logs
      • Install a software package
      • Create a persistent .bashrc
      • Automatic code execution
      • Long-running applications
      • Troubleshooting applications
      • New applications or licenses
      • Configuring applications
      • Exporting applications
      • Add-ons
        • MariaDB add-on
        • PostgreSQL add-on
        • OpenSearch add-on
        • MongoDB add-on
        • Redis add-on
        • PostGIS add-on
        • Rclone mount add-on
        • Neo4j add-on
    • File system and storage
      • File navigator
      • Large File Storage
      • Preview files
      • Mount Dropbox
      • Access S3 buckets with RClone
      • Access remote files with SSHFS
      • Access files on SharePoint Online
    • Object distribution
      • Distribution strategies
      • The distributed instance
    • Snapshots
      • Create a snapshot
      • Restore a snapshot
      • Delete a snapshot
    • Database integration
      • Create datasets
      • View tables
      • Build queries
      • Upload data
      • Access data from applications
        • Set up ODBC drivers
        • Obtain tokens for data access
        • Find database and schema path
      • DBeaver integration
    • Environment variables and secrets
    • Searching
      • Page
      • Find an application
      • Find an organisation
      • Find a space
      • Find an instance
      • Find a state
    • Video library
    • Nuvolos CLI and Python API
      • Installing the CLI
      • Using the CLI
  • User Guides
    • Research guides
      • Inviting a reviewer
      • GPU computation
    • Education guides
      • Setting assignments
        • Programmatical assignment handling
      • Documenting your course
      • Setting up group projects
        • Collaborative application editing
      • Configuring student applications
      • Archiving your course
      • Student guides
        • Joining a course
        • Working on assignments
        • Leaving a course
    • Application-specific guides
      • JupyterLab
      • RStudio
      • VSCode
      • Stata
      • MATLAB
      • Terminal
      • Terminal [tmux]
      • Apache Airflow
      • Apache Superset
      • D-Wave Inspector
      • MLFlow
      • Databricks Connect
      • Dynare.jl
      • CloudBeaver
      • InveLab
      • Overleaf
      • Metabase
      • DNDCv.CAN
      • OpenMetaData
      • Uploading data to the Large File Storage
    • Data guides
      • Setting up a dataset on Nuvolos
      • Importing data on Nuvolos
      • A complete database research workflow (Matlab & RStudio)
      • Accessing data as data.frames in R
      • Working with CRSP and Compustat
      • Working with the S&P 500®
  • Pricing and Billing
    • Pricing structure
    • Resource pools and budgets
    • Nuvolos Compute Units (NCUs)
  • Administration
    • Roles
      • Requesting roles
    • Organisation management
    • Space management
      • Invite to a space
      • Revoke a space user
      • HPC spaces
      • Resting spaces
    • Instance management
      • Invite to an instance
    • Enabling extra services
    • Monitoring resource usage
      • NCU Limits and Capacities
  • Reference
    • Application reference
      • InveLab
        • Dataset selection
        • Modules
          • Time-series visualisation
          • Moment estimation
          • Mean-variance frontiers
          • Frontiers
          • Dynamic strategy
          • Portfolio analysis
          • Performance analysis
          • Benchmarking
          • Carry trade strategies
          • Risk measures
          • Conditional volatility
          • Replication
          • Factor factory
          • Factor tilting
          • Valuation
    • Glossary
  • FAQs
    • FAQs
    • Troubleshooting
      • Login troubleshooting
        • I forgot my email address
        • I forgot my identity provider
        • I can't log in to Nuvolos
        • I forgot my password
        • I haven't received the password reset email
        • I haven't received the invitation email
      • Application troubleshooting
        • I can't see an application
        • I can't start an application
        • I can't create an application
        • I can't delete an application
        • I can't stop a running application
        • JupyterLab 3 troubleshooting
        • Spyder 3.7 troubleshooting
      • Administration troubleshooting
        • I can't see a space
        • I can't create a space
        • I can't delete a space
        • I can't invite admins to my space
        • I can't see an instance
        • I can't create an instance
        • I can't delete an instance
        • I can't invite users to an instance
        • I can't see distributed content in my instance
        • I can't see a snapshot
        • I can't create a snapshot
        • I can't delete a snapshot
        • I can't revoke a user role
        • I can't upload a file
        • I can't delete a file
        • I can't invite students to my course
      • Content troubleshooting
        • I can't find my files in my Linux home
        • I can't find my files among the Workspace files
        • I restored a snapshot by mistake
Powered by GitBook
On this page
  • Environment variables
  • Secrets
  • Account secrets
  • Space secrets
  • Organization secrets
  • Override policy
  • Usage

Was this helpful?

  1. Features

Environment variables and secrets

You can set custom environment variables and secrets for Nuvolos applications via the web UI.

PreviousDBeaver integrationNextSearching

Last updated 1 year ago

Was this helpful?

You should use secrets and environmental variables to store secret information such as database access information, API tokens, etc.

Storing secret information on the file-system is a bad security practice and might lead to inadvertent sharing of secret information.

Environment variables

Nuvolos supports setting custom environment variables for your applications at the account level. You can configure variables in the Settings -> Environment tab.

Secrets

Nuvolos supports setting custom secrets for your applications at the account, space and organization level. The different secrets are treated similarly within the applications, the only difference is the permissions to read, create, update and delete them.

Account secrets

All Nuvolos users can set secrets for their account. You can configure variables and secrets in the Settings -> Secrets tab.

A good use case for account secrets is personal access tokens for third party vendors, like Hugging Face, OpenAI, etc. Any token you set at account level will be automatically available to all your apps, but only for you, and not other users in the same org/space.

Space secrets

Nuvolos supports setting custom secrets for spaces, that are available for all members in the space who are viewers in at least one instance of the particular space.

You can see (and configure) space secrets in the Manage Space -> Course/Project Configuration -> Secrets tab.

Only users with Space Administrator Role have the permission to create, update and delete space secrets.

A good example for space level secrets is connection credentials for a shared third party resource like a database server, where distinct Nuvolos users can use the same credentials. However, we generally recommend to create separate users with separate secrets on third party resource as well for better security and auditing purposes. Even in this case, many settings can be set at the space level (e.g. database hostname, port, certificate, etc.)

Organization secrets

Nuvolos also supports setting custom secrets for a whole organization, that are available for all members in the particular orginization.

As an Organization Manager, you can configure organization secrets in the Organization settings -> Secrets tab from the dropdown settings menu on the dashboard.

Only users with Organization Manager Role have the permission to access the Secrets tab, where they can create, update and delete organization secrets.

Override policy

In order to decide which secrets are available in a running application, an override policy is implemented as follows:

  • Hierarchy level: Organization secret < Space secret < Account secret, where personal secrets are the highest in hierarchy.

  • In case there are secrets defined with the same name on different hierarchy levels, the above defined order takes place to determine the effective secrets for a given application.

  • For example, the Organization Manager has set an Organization secret called ACCESS_KEY with an arbitrary value, but you have an Account secret with the same name. When you launch an application in the organization with the mentioned secret set, you will notice that upon reading the environment variables, you get the value for the ACCESS_KEY secret that you set for your account. The similar logic applies for all other pairs of secrets in the hieararchy level.

Usage

Both variables and secrets are made available in running applications. There are slight differences in how secrets and environmental variables are treated:

  • Environmental variables:

    • Become environmental variables in running applications.

    • Values can be viewed from the Web UI.

    • Subprocesses may or may not inherit them when spawned.

  • Secrets:

    • Become environmental variables in running applications.

    • Also become files that are located under the /secrets folder, where the filename is the secret name and the content of the file is the secret value.

    • Values cannot be viewed from the Web UI.

    • Since stored in a fix location, any spawned subprocesses are able to access them in a straightforward manner from the /secretsfolder.

As a member of an organization, you can access organization secrets on the Secrets tab in the Space configuration menu as shown . Note, that on this screen all space secrets appear alongside the organization secrets that are not by space secrets.

If you would like to avoid overriding Organization and Space secrets, always make sure to check their names before creating Account secrets!

here
overriden
here