Core Concepts
Credentials & Secrets
riogentix stores all external service credentials encrypted at rest using AES-256-GCM. Credentials are scoped to your tenant and never exposed in plain text after creation.
Adding a Credential
- Go to Settings → Credentials
- Click + Add Credential
- Select the credential type (API Key, OAuth2, Basic Auth, etc.)
- Fill in the required fields and click Save
Credential Types
| Type | Use Case |
|---|---|
| API Key | Simple token-based services |
| OAuth2 | Google, Slack, Microsoft, Salesforce |
| Basic Auth | Username/password APIs |
| Bearer Token | JWT-authenticated services |
| SSH Key | Server access, Git |
| Database (DSN) | PostgreSQL, MySQL, MongoDB |
| SMTP | Email sending |
Using Credentials in Nodes
Once saved, credentials appear in the Credential dropdown of compatible nodes. You can also reference them in expressions:
{{ $credentials.myServiceApiKey }}
Security note: Credential values are only accessible to nodes at execution time. They are not visible in logs or the UI after saving.
Credential Sharing
By default, credentials are private (only visible to you). Admins can promote a credential to Shared, making it available to all users in the tenant.
Credential Rotation
- Open the credential from Settings → Credentials
- Click Edit and update the secret value
- Save — all workflows using this credential will automatically pick up the new value on their next run
Environment-Level Secrets
For values that span multiple credentials (e.g., a shared signing secret), use Environment Variables at the tenant level. These are accessible via {{ $env.MY_SECRET }} in any expression.