How to handle Credentials in Forge Apps

I have two Forge apps where I need to access another API and have to authenticate via bearer token. Right now the bearer token is in plain text in the code and therefore in our Git repository.

I feel uneasy about having this token in plain text in my code. Is there a way I can have it elsewhere and only add it while deploying?

In other languages I would put it into a separate config file, which I have in gitignore so it doesn't get checked in by accident, and only have the real token locally.

Is there a way to do this or something similar in Forge?

Thanks for your help.

Best Wishes

Hi Michael,

I think the correct way to do this is via Forge Environment Variables.

You can also encrypt the values you are storing in this way, per environment, before deployment.

Hope that helps,
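The environment-variable approach suggested in this reply, as an added example that is not part of the original thread or of Atlassian's documentation: the token is set per environment with `forge variables set --encrypt` and read from `process.env` at runtime. The variable name `EXTERNAL_API_TOKEN`, the URL and the helper names are assumptions made for illustration.

```javascript
// Set the token once per environment with the Forge CLI, outside the repository:
//   forge variables set --encrypt EXTERNAL_API_TOKEN <token>
//   forge variables set --environment production --encrypt EXTERNAL_API_TOKEN <token>
// EXTERNAL_API_TOKEN is a hypothetical name chosen for this example.
const TOKEN_VAR = 'EXTERNAL_API_TOKEN';

// Read the token from the environment. Fail closed so a missing variable
// never turns into a request carrying "Bearer undefined".
function getToken(env = process.env) {
  const token = (env[TOKEN_VAR] || '').trim();
  if (!token) {
    throw new Error(`${TOKEN_VAR} is not set for this environment`);
  }
  return token;
}

// Build the request options; refuse to attach the token to a non-HTTPS URL.
function buildRequest(url, env = process.env) {
  if (!url.startsWith('https://')) {
    throw new Error('refusing to send bearer token over a non-HTTPS URL');
  }
  return {
    url,
    options: {
      method: 'GET',
      headers: { Authorization: `Bearer ${getToken(env)}`, Accept: 'application/json' },
    },
  };
}

// Produce a log-safe string of a request so the token never reaches app logs.
function redactForLog(request) {
  const headers = { ...request.options.headers, Authorization: 'Bearer [REDACTED]' };
  return JSON.stringify({ url: request.url, options: { ...request.options, headers } });
}

// fetchImpl is injected so this runs offline; in a Forge app pass the fetch
// exported by '@forge/api' (import { fetch } from '@forge/api').
async function callExternalApi(fetchImpl, url, env = process.env) {
  const request = buildRequest(url, env);
  const res = await fetchImpl(request.url, request.options);
  if (!res.ok) {
    throw new Error(`external API returned ${res.status} for ${redactForLog(request)}`);
  }
  return res.json();
}
```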



As long as the bearer token is appropriate as a system token (for all users of the app), then the environment variable option fits. For example, with client_credentials for the app itself.

On the other hand, if you need per-tenant or per-user secrets, then you would want the Forge secure storage feature just announced here: