Skip to main content

Add Resources and Variables to Code

You can directly access Variables and Resources from the Code Editor.


Resources and Resource Types
Resources are structured configurations and connections to third-party systems, with Resource Types defining the schema for each Resource.
Variables and Secrets
Variables and Secrets are encrypted, dynamic values used for reusing information and securely passing sensitive data within scripts.

Resources

There are 2 main ways resources are used within scripts:

Passing resources as parameters to scripts (preferred)

Provided you have the right permissions and the resource type exists in the workspace, you can access resource types from scripts, flows and apps using the Windmill client or TypedDict in Python.

From the code editor's toolbar, click on the + Type button and pick the right resource type. For example, to access the u/user/my_postgresql resource of the posgtgresql Resource Type we would create a script:

type Postgresql = object;
// OR one can fully type it
type Postgresql = {
	host: string;
	port: number;
	user: string;
	dbname: string;
	sslmode: string;
	password: string;
	root_certificate_pem: string;
};

export async function main(postgres: Postgresql) {
	// Use Resource...
}

And then select the Resource in the arguments section on the right:

Select resource

tip

You can also edit the Resource or even create a new one right from the Code editor.

Fetching them from within a script by using the wmill client in the respective language

By clicking on + Resource, you'll get to pick a resource from your workspace and be able to fetch it from within the script.

Typescript:

wmill.getResource('u/user/foo');

Python:

wmill.get_resource("u/user/foo")

Go:

wmill.GetResource("u/user/foo")

Bash:

curl -s -H "Authorization: Bearer $WM_TOKEN" \
  "$BASE_INTERNAL_URL/api/w/$WM_WORKSPACE/resources/get/u/user/foo" \
    | jq -r .value

Fectch resource

Contextual variables

Contextual Variables are variables whose values are contextual to the Script execution. They are automatically set by Windmill. This is how the Deno and Python clients get their implicit credentials to interact with the platform.

See the Contextual tab on the Variable page for the list of reserved variables and what they are used for.

You can use them in a Script by clicking on "+Context Var":

Contextual variable

Reserved variables are passed to the job as environment variables. For example, the ephemeral token is passed as WM_TOKEN.

User-defined variables

There are 2 main ways variables are used within scripts:

Passing variables as parameters to scripts

Variables can be passed as parameters of the script, using the UI based variable picker. Underneath, the variable is passed as a string of the form: $var:<variable_path> and replaced by the worker at time of execution of the script by fetching the value with the job's permissions. So the job will fail if the job's permissions inherited from the caller do not allow access to the variable. This is the same mechanism used for resource, but they use $res: instead of $var:.

Fetching them from within a script by using the wmill client in the respective language

By clicking on + Variable, you'll get to pick a variable from your workspace and be able to fetch it from within the script.

Typescript:

wmill.getVariable('u/user/foo');

Python:

wmill.get_variable("u/user/foo")

Go:

wmill.GetVariable("u/user/foo")

Bash:

curl -s -H "Authorization: Bearer $WM_TOKEN" \
  "$BASE_INTERNAL_URL/api/w/$WM_WORKSPACE/variables/get/u/user/foo" \
    | jq -r .value

The last example is in bash and showcase well how it works under the hood: It fetches the secret from the API using the job's permissions through the ephemeral token passed as environment variable to the job.