Skip to content

Add getSecret formula function #3481

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
yurikuzn merged 4 commits into from
Oct 4, 2025
Merged

Add getSecret formula function #3481

yurikuzn merged 4 commits into from
Oct 4, 2025
+62 −0

Conversation

@traien
Copy link
Contributor

@traien traien commented Oct 1, 2025
edited
Loading

Problem

Currently, when reading secrets via formula scripts, only the encrypted value of a secret is returned. For example:

$secretValue = null;

$secretId = record\findOne('AppSecret', null, null, 'name', 'SECRET_NAME');

if ($secretId) {
    $secretValue = record\attribute('AppSecret', $secretId, 'value');
}

This makes it impossible to directly use the actual secret value inside formula logic or workflow http request payload.

Solution

Introduce a new formula function:

util\getSecret(secretName)

This function returns the decrypted value of the secret, making it much easier to work with secrets in formula scripts.

Example Usage (Formula Sandbox)

$secretValue = null;

$secretId = record\findOne('AppSecret', null, null, 'name', 'test');

if ($secretId) {
    $secretValue = record\attribute('AppSecret', $secretId, 'value');
}

output\printLine($secretValue); // Encrypted value

$actualSecretValue = util\getSecret('test');

output\printLine($actualSecretValue); // Decrypted value

@yurikuzn
Copy link
Contributor

yurikuzn commented Oct 1, 2025
edited
Loading

Hi. I believe ext is more appropriate place for the function. Maybe ext\appSecret\get.

@traien
Copy link
Contributor Author

traien commented Oct 1, 2025

I have updated it to ext\appSecret\get and here it is new example:

$secretValue = null;

$secretId = record\findOne('AppSecret', null, null, 'name', 'test');

if ($secretId) {
    $secretValue = record\attribute('AppSecret', $secretId, 'value');
}

output\printLine($secretValue); // Encrypted value

$actualSecretValue = ext\appSecret\get('test');

output\printLine($actualSecretValue); // Decrypted value
image

@traien traien marked this pull request as ready for review October 1, 2025 15:36
@traien traien mentioned this pull request Oct 1, 2025
Closed
@yurikuzn
Copy link
Contributor

yurikuzn commented Oct 2, 2025

Thank you for the PR. I'll look into when get a chance.

@yurikuzn yurikuzn merged commit 9361046 into espocrm:master Oct 4, 2025
3 checks passed
@traien traien deleted the feature/add-getsecret-formula branch October 4, 2025 10:18
@yurikuzn
Copy link
Contributor

yurikuzn commented Oct 4, 2025

A few changes: e6611e1
Throwing an error and return type.

yurikuzn pushed a commit that referenced this pull request Oct 4, 2025
@traien @yurikuzn
Add getSecret formula function (#3481)
2ddfa39 
* add getSecret formula function

* simplify getSecret method by removing unnecessary null check

* update process method to allow nullable return type

* rename getSecret function to ext\appSecret\get
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@traien @yurikuzn