Introduction
It is a common requirement to need to include sensitive information such as API tokens and passwords in action options blocks. As other users can see action configurations, Tines provides the CREDENTIAL formula key which allows for the use of placeholders in action options blocks. When an action containing this runs, Tines will substitute in the corresponding credential. This means that sensitive data does not need to be stored as plaintext in Action configuration options or in a resource.
Creating a Credential
From the credentials page, select "New credential". You will then be prompted to choose the credential type.
Tines supports the following types of credentials:
Sharing a Credential
Credentials will, by default, only be accessible to the Team they are created within. Credentials can be configured to be shared with all other teams in the tenant by selecting the 'All teams & drafts' access option.
Need to share with other teams? Reach out to the team to discuss adding the feature to your Tines tenant.
Using a shared credential
Credentials with the same name as Credentials shared across multiple Teams will use the Credential located within the same Team as the Story.
You can view all credentials available to your team by clicking the "Shared with this team" section in the credentials page. You will not be able to view or modify the contents of the credential unless you have the relevant permissions in the team owning said credential.
Restricting a credential
We strongly recommend restricting the use of credentials to specific domains.
Security Considerations when using credentials
While this method dramatically increases the security of secret information in Tines, like any piece of security, it’s not absolute. For example, suppose Tines is interacting with a 3rd-party service. In that case, the service may insecurely include the credential’s value in its response, which Tines will then include in an emitted event.