domino logo
Tech Ecosystem
Get started with Python
Step 0: Orient yourself to DominoStep 1: Create a projectStep 2: Configure your projectStep 3: Start a workspaceStep 4: Get your files and dataStep 5: Develop your modelStep 6: Clean up WorkspacesStep 7: Deploy your model
Get started with R
Step 0: Orient yourself to Domino (R Tutorial)Step 1: Create a projectStep 2: Configure your projectStep 3: Start a workspaceStep 4: Get your files and dataStep 5: Develop your modelStep 6: Clean up WorkspacesStep 7: Deploy your model
Get Started with MATLAB
Step 1: Orient yourself to DominoStep 2: Create a Domino ProjectStep 3: Configure Your Domino ProjectStep 4: Start a MATLAB WorkspaceStep 5: Fetch and Save Your DataStep 6: Develop Your ModelStep 7: Clean Up Your Workspace
Step 8: Deploy Your Model
Scheduled JobsLaunchers
Step 9: Working with Domino Datasets
Domino Reference
Notifications
On-Demand Open MPI
Configure MPI PrerequisitesFile Sync MPI ClustersValidate MPI VersionWork with your ClusterManage Dependencies
Projects
Projects OverviewProjects PortfolioReference ProjectsProject Goals in Domino 4+
Git Integration
Git Repositories in DominoGit-based Projects with CodeSyncWorking from a Commit ID in Git
Jira Integration in DominoUpload Files to Domino using your BrowserFork and Merge ProjectsSearchSharing and CollaborationCommentsDomino Service FilesystemComparing File RevisionsRevert Projects and Files
Advanced Project Settings
Project DependenciesProject TagsRename a ProjectSet up your Project to Ignore FilesUpload files larger than 550MBExporting Files as a Python or R PackageTransfer Project Ownership
Domino Runs
JobsDiagnostic Statistics with dominostats.jsonNotificationsResultsRun Comparison
Advanced Options for Domino Runs
Run StatesDomino Environment VariablesEnvironment Variables for Secure Credential StorageUse Apache Airflow with Domino
Scheduled Jobs
Domino Workspaces
WorkspacesUse Git in Your WorkspaceRecreate A Workspace From A Previous CommitUse Visual Studio Code in Domino WorkspacesPersist RStudio PreferencesAccess Multiple Hosted Applications in one Workspace Session
Spark on Domino
On-Demand Spark
On-Demand Spark OverviewValidated Spark VersionConfigure PrerequisitesWork with your ClusterManage DependenciesWork with Data
External Hadoop and Spark
Hadoop and Spark OverviewConnecting to a Cloudera CDH5 cluster from DominoConnecting to a Hortonworks cluster from DominoConnect to a MapR cluster from DominoConnect to an Amazon EMR cluster from DominoRunning Local Spark on a Domino ExecutorUsing PySpark in Jupyter WorkspacesKerberos Authentication
On-Demand Ray
On-Demand Ray OverviewValidated Ray VersionConfigure PrerequisitesWork with your ClusterManage DependenciesWork with Data
On-Demand Dask
On-Demand Dask OverviewValidated Dask VersionConfigure PrerequisitesWork with Your ClusterManage DependenciesWork with Data
Customize the Domino Software Environment
Environment ManagementDomino Standard EnvironmentsInstall Packages and DependenciesAdd Workspace IDEsAdding Jupyter KernelsAutomatic Adaptation of Custom Images
Partner Environments for Domino
Use MATLAB as a WorkspaceUse Stata as a WorkspaceUse SAS as a Workspace
Advanced Options for Domino Software Environment
Publish in Domino with Custom ImagesInstall Custom Packages in Domino with Git IntegrationAdd Custom DNS Servers to Your Domino EnvironmentConfigure a Compute Environment to User Private Cran/Conda/PyPi MirrorsUse TensorBoard in Jupyter Workspaces
Publish your Work
Publish a Model API
Model Publishing OverviewModel Invocation SettingsModel Access and CollaborationModel Deployment ConfigurationPromote Projects to ProductionExport Model ImageExport to NVIDIA Fleet Command
Publish a Web Application
App Publishing OverviewGet Started with DashGet Started with ShinyGet Started with FlaskContent Security Policies for Web Apps
Advanced Web Application Settings in Domino
App Scaling and PerformanceHost HTML Pages from DominoHow to Get the Domino Username of an App Viewer
Launchers
Launchers OverviewAdvanced Launcher Editor
Assets Portfolio Overview
Model Monitoring and Remediation
Monitor WorkflowsData Drift and Quality Monitoring
Set up Monitoring for Model APIs
Set up Prediction CaptureSet up Drift DetectionSet up Model Quality MonitoringSet up NotificationsSet Scheduled ChecksSet up Cohort Analysis
Set up Model Monitor
Connect a Data SourceRegister a ModelSet up Drift DetectionSet up Model Quality MonitoringSet up Cohort AnalysisSet up NotificationsSet Scheduled Checks
Use Monitoring
Access the Monitor DashboardAnalyze Data DriftAnalyze Model QualityExclude Features from Scheduled Checks
Remediation
Cohort Analysis
Review the Cohort Analysis
Remediate a Model API
Monitor Settings
API TokenHealth DashboardNotification ChannelsTest Defaults
Monitoring Config JSON
Supported Binning Methods
Model Monitoring APIsTroubleshoot the Model Monitor
Connect to your Data
Data in Domino
Datasets OverviewProject FilesDatasets Best Practices
Connect to Data Sources
External Data VolumesDomino Data Sources
Connect to External Data
Connect Domino to DataRobotConnect to Azure Data Lake StorageConnect to BigQuery from DominoConnect to Google Cloud Storage from DominoConnect to IBM DB2 from DominoConnect to IBM Netezza from DominoConnect to Impala from DominoConnect to MSSQL from DominoConnect to MySQL from DominoConnect to Okera from DominoConnect to Oracle Database from DominoConnect to PostgreSQL from DominoConnect to Redshift from DominoConnect to S3 from DominoConnect to Snowflake from DominoConnect to Teradata from Domino
Work with Data Best Practices
Work with Big Data in DominoWork with Lots of FilesMove Data Over a Network
Advanced User Configuration Settings
User API KeysDomino TokenOrganizations Overview
Use the Domino Command Line Interface (CLI)
Install the Domino Command Line (CLI)Domino CLI ReferenceDownload Files with the CLIForce-Restore a Local ProjectMove a Project Between Domino DeploymentsUse the Domino CLI Behind a Proxy
Browser Support
Get Help with Domino
Additional ResourcesGet Domino VersionContact Domino Technical SupportSupport Bundles
domino logo
About Domino
Domino Data LabKnowledge BaseData Science BlogCommunityTraining
User Guide
>
Domino Reference
>
Domino Runs
>
Advanced Options for Domino Runs
>
Environment Variables for Secure Credential Storage

Environment Variables for Secure Credential Storage

Domino’s environment variables give you a safe and easy way to inject sensitive configuration into the execution of your analysis or models.

Environment variables are stored securely. They can only be modified by the owners of the project or the editors of a model. They are not tied to the version history of your project or model, so they can easily be revoked.

Why use environment variables for configuration?

Your code might have to connect to external resources, like a database or S3. Often these connections are authenticated through a secure password, key, or token. Do not include this type of secure configuration directly in your source because:

  • You might want to share source files but not the credentials.

  • It’s difficult to scrub references to those credentials from a version control system like Git or Domino.

  • You might want only a more privileged user (like the project owner) to change certain configuration parameters. If configuration is all done through code, then all users that can modify the scripts can change the configuration.

Domino recommends that you store your configuration and permission separately, and have it injected when your code executes.

Set up project environment variables

Use environment variables to set up the secure configuration to be injected when the project executes.

Note
To set this up:
  1. Go to the Settings tab on the project.

  2. In the Environment variables section, add the key/value pairs that will be injected as environment variables:

    config

    The values are passed verbatim, so escaping is not required. The value has a 64K length limit.

Set up user environment variables

You can also configure environment variables on a per-user basis. The system injects these variables at execution time for any run that the user starts.

User Environment variables are automatically imported into runs across all projects, and can be accessed like any other Environment Variables. User-specific environment variables are not used or available in models.

Configure your user environment variables:
  1. Click your username and then select Account Settings to open the Account Settings page.

  2. Go to the User environment variables section.

  3. Configure variables for your user account in the same way as project environment variables (described previously).

Set up model environment variables

Use environment variables to set up your secure configuration to be injected at execution.

Note
  1. Go to the Settings tab on the model to configure.

  2. In the Environment section, add key/value pairs that will be injected as environment variables at execution.

The values are passed verbatim, so no escaping is required. The value has a 64K length limit.

When you add a variable the values are pushed to all running model versions.

Project level and user level environment variables are not used in Models and must be set separately on the model.

Connect to Git repositories

If you’re using a user level environment variable to connect to Github and download repositories, you must add the following into your environment definition:

USER root
RUN pip install git+https://personalaccesstoken:personalaccesstoken@github.com/<repo>
USER ubuntu

Hierarchy of environment variables

You can set the same variable in different places. Each level overrides the previous one in the following order:

  • Compute environment

  • Project

  • User Account

The following shows an example for how a variable’s values can be set and the expected result:

Place set

Run#1

Run#2

Run#3

Compute Environment

A

A

A

Project

-

B

B

User Account

-

-

C

Run Result

A

B

C

Read the environment variables

Every language has its own way of reading environment variables. In Python, it might look like this:

import os
s3 = S3Client(os.environ['S3_KEY'], os.environ['S3_SECRET'])

For more details, see Python help.

In R, it might look like this:

makeS3Client(Sys.getenv("S3_KEY"), Sys.getenv("S3_SECRET"))

For more details, see R help.

Domino Data LabKnowledge BaseData Science BlogCommunityTraining
Copyright © 2022 Domino Data Lab. All rights reserved.