Core Concepts

Credentials & Secrets

riogentix stores all external service credentials encrypted at rest using AES-256-GCM. Credentials are scoped to your tenant and never exposed in plain text after creation.

Adding a Credential

  1. Go to Settings → Credentials
  2. Click + Add Credential
  3. Select the credential type (API Key, OAuth2, Basic Auth, etc.)
  4. Fill in the required fields and click Save

Credential Types

TypeUse Case
API KeySimple token-based services
OAuth2Google, Slack, Microsoft, Salesforce
Basic AuthUsername/password APIs
Bearer TokenJWT-authenticated services
SSH KeyServer access, Git
Database (DSN)PostgreSQL, MySQL, MongoDB
SMTPEmail sending

Using Credentials in Nodes

Once saved, credentials appear in the Credential dropdown of compatible nodes. You can also reference them in expressions:

{{ $credentials.myServiceApiKey }}
Security note: Credential values are only accessible to nodes at execution time. They are not visible in logs or the UI after saving.

Credential Sharing

By default, credentials are private (only visible to you). Admins can promote a credential to Shared, making it available to all users in the tenant.

Credential Rotation

  1. Open the credential from Settings → Credentials
  2. Click Edit and update the secret value
  3. Save — all workflows using this credential will automatically pick up the new value on their next run

Environment-Level Secrets

For values that span multiple credentials (e.g., a shared signing secret), use Environment Variables at the tenant level. These are accessible via {{ $env.MY_SECRET }} in any expression.