Environment variables, as the name suggests, are variables in your system that describe your environment. In data projects they are typically used to securely store passwords, secrets, and tokens to access data sources that are not natively supported or to connect to external services (like GitHub and Slack).
When you connect a set of environment variables to your workspace, you can access these variables with some simple Python or R code. This is a safer approach compared to just copy-pasting secrets in your notebook verbatim straight away:
# The bad way
# The good way
secret_token = os.environ.get("API_TOKEN")
To start using environment variables, head over to "Environment" and click on the plus sign in the environment section and walk through the steps. In Workspace, environment variables are created as sets, so environment variables that are related (e.g. used for the same data connection) can be managed together.
Before you can use a set of environment variables in your workspace session, make sure you connect them; your workspace session will restart for these changes to take effect. The next time you boot up the workspace, the environment variables that were connected to the workspace before will be reconnected automatically.
Your secrets in the enterprise-grade security storage solution Vault, built and managed by Hashicorp. Your secrets are never stored on DataCamp's servers unless you print them out in clear text in your workspace.
Who can see and use environment variables I set up?
If you set up environment variables in your personal account, only you can connect and use them. They can not be shared with other users. This means that you cannot invite other users as an editor to a personal workspace that has environment variables connected.
If you set up environment variables in a group that you're a part of, you can use and edit the environment variables, but also other members of the group can use the environment variables.
We will soon add role-based access control, so that you are able to control access to environment variables more granularly.
Can I lock down my database to specific IP addresses?