beval/roster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity
Page: Sensitive Variables
Pages
API Reference Architecture Backup Contributing Development Export FAQ Getting Started History Home Import Installation Keyboard Shortcuts Projects and Environments Scripts Sensitive Variables Translation Variables
Clone
3
Sensitive Variables
Pavel Baksy edited this page 2026-05-18 17:37:35 +02:00
Table of Contents

Sensitive Variables

Sensitive variables store their values in GNOME Keyring (encrypted) instead of plain-text JSON. Use them for API keys, passwords, and tokens.

Marking a Variable as Sensitive

In the Environments dialog, click the lock icon on a variable row. The icon toggles between locked (keyring) and unlocked (JSON). Existing values are automatically migrated when you toggle.

Sensitive variable values display as bullets (••••) in the dialog.

Usage in Requests

Works exactly like regular variables — use {{variable_name}} syntax. Roster retrieves and decrypts the value transparently before sending.

Script Access

Scripts access sensitive variables the same way as regular ones:

// Preprocessing
const key = roster.getVariable('api_key');  // decrypted automatically

// Postprocessing — if 'access_token' is marked sensitive, it goes to keyring
roster.setVariable('access_token', data.access_token);

Keyring Schema

  • Schema: cz.bugsy.roster.EnvironmentVariable
  • Attributes: project_id, environment_id, variable_name

Secrets are visible in Passwords and Keys (Seahorse) under the Login keyring.

Automatic Cleanup

Roster removes keyring entries when you delete or rename variables, environments, or projects.

Flatpak

Requires D-Bus permission --talk-name=org.freedesktop.secrets in the Flatpak manifest.