Introducing App Settings: A New Home for your Configurable App Secrets!

We all love new platform features, don’t we?

We are happy to introduce our new platform feature: App Settings!

With App Settings, you can securely store secret credentials, sensitive information, or any other configuration information outside of the app source code and use them seamlessly within your app. Think of App Settings as environment variables accessible across all published versions of your app. This feature allows developers to set confidential data as environment variables during app submission in the App Management Portal instead of hard-coding them.

If you need to update credential values after submitting your app to the Freshworks Marketplace, you can do so directly on the app details page. The updated credential values will then apply to all existing versions of the app that utilize the App Settings functionality. Please note that updating settings no longer requires an app upgrade or review, resulting in a faster turnaround time.

This eliminates the need to republish a new app version every time you need to update these credentials.

Here’s what App Settings offers:

  1. Centralized configuration: Manage your app’s critical information outside of the source code, making it easier to update and maintain.
  2. Enhanced security: Our platform’s encrypted environment keeps sensitive data secure in your app, making it accessible only within your app’s execution environment.
  3. Dynamic updates: You can update configuration settings quickly without redeploying your app, ensuring minimal downtime and swift adjustments.
  4. Validation on updates: Use a new app setup event to validate the app settings values before they take effect. This ensures that only valid changes are applied, maintaining the stability of your apps in production.

Get started with App Settings in just three steps:

  1. Define the app settings in your app.
  2. Use these settings in your app and test them in your local environment.
  3. Add values for your defined app settings in the App Management Portal and publish your app.

For more detailed instructions on how to use App Settings, please refer to our documentation.

Happy coding, and we can’t wait to see what you build next!

2 Likes

Hi,

I’m trying to make use of this app_settings.json and I get the following error when I execute fdk run

Please ensure that the following are addressed for quick review process:

That’s it. There’s no specific mention of what’s wrong.
My fdk version is 9.1.1.

I have already implemented onSettingsSave in server.js.

My app_settings.json looks like this.

{
  "lifecycleFunctionSecret": {},
  "lifecycleFunctionUrl": {}
}

Please help with ublock.

I guess you should be having onSettingsUpdate defined in your server.js

exports = {
    onSettingsUpdate: function(args) {
        onSettingsUpdateHandler(args)
    }
};

I was also curious if it is accessible via frontend using client object or can be accessible only via events and SMI since the information is mostly secure. Could be useful for feature flagging settings

Yes, I do have the onSettingsUpdate handler implemented. Turns out that it requires fdk 9.2.0 or above. After upgrade, it worked.

Can you please mention the minimum fdk verion in the docs?

I have questions over the review process of the app when it is submitted with app_settings.

Are we expected to provide the secrets to the QA review team?
Is there is a safe way to transfer these secrets?
How do we ensure that these tokens/secrets are not misused?

@Tanmay_Kapoor @Siva_Venkatachalam @nirmal.kumar

Hi @arunrajkumar235,

The app settings feature is launched with the 9.2.0 FDK version, which is the minimum required version, as you guessed. Let me ensure it’s updated in our documentation.

Let me answer your other queries.

  1. Yes, currently, we do not automatically make app settings values available to the app reviewers. You will have to provide the App settings secrets to the app review team if they cannot generate one themselves with a third party or some instructions.
  2. The short answer is NO. You can share the secrets by email with the app reviewers. They will also be handled like the app file and iparam sharing were handled before and now. If possible, please share the instructions with the app reviewers so they can generate the required app settings themselves. So, they safely fetch it themselves.
  3. The Freshworks privacy policy applies throughout our platform, including the app review process. So, it’s our responsibility to ensure any secrets/tokens shared are kept safely and not misused.
1 Like

Really excited to try out this feature. Thanks Team!

The documentation states “These credentials are defined as environment variables within the app code, and their values are set on the app details page when submitting the app to the Freshworks Developer portal.” It’s not clear to me how the app settings are used within server.js. Are they accessed just like key-value in the data store? Are they accessed as process.env values? Is there some example code? The documentation is not clear at all in this respect.