Skip to content
Orvanta Docs

Add Variables and Resources to Code

Resources and resource types enable structured configurations and connections to third-party systems. Variables and secrets provide encrypted, dynamic values for reusing information and securely passing sensitive data within scripts.

Resources

Section titled “Resources”

There are two primary approaches for utilizing resources in scripts.

Passing resources as parameters to scripts (preferred)

Section titled “Passing resources as parameters to scripts (preferred)”

With appropriate permissions and an existing resource type in the workspace, you can access resource types from scripts, flows, and apps using the Orvanta client or TypedDict in Python.

From the code editor’s toolbar, click the + Type button and select the appropriate resource type. For example, to access a PostgreSQL resource:

TypeScript:

type Postgresql = object;
// OR fully typed:
type Postgresql = {
  host: string;
  port: number;
  user: string;
  dbname: string;
  sslmode: string;
  password: string;
  root_certificate_pem: string;
};
export async function main(postgres: Postgresql) {
  // Use Resource...
}

Python:

from typing import TypedDict
class postgresql(TypedDict):
    host: str
    port: int
    user: str
    dbname: str
    sslmode: str
    password: str
    root_certificate_pem: str
def main(selected_postgres: postgresql):
    # Use Resource...

Select the resource in the arguments section on the right. You can also edit the resource or create a new one directly from the code editor.

Fetching resources within scripts

Section titled “Fetching resources within scripts”

Click + Resource to pick a resource from your workspace and fetch it within the script.

TypeScript:

orvanta.getResource('u/user/foo');

Python:

orvanta.get_resource("u/user/foo")

Go:

orvanta.GetResource("u/user/foo")

Bash:

Terminal window
curl -s -H "Authorization: Bearer $WM_TOKEN" \
  "$BASE_INTERNAL_URL/api/w/$WM_WORKSPACE/resources/get/u/user/foo" \
  | jq -r .value

Contextual variables

Section titled “Contextual variables”

Contextual variables hold values relative to script execution and are automatically set by Orvanta. They enable Deno and Python clients to obtain implicit credentials for platform interaction.

Access contextual variables by clicking +Context Var. These reserved variables are passed as environment variables to jobs (for example, the ephemeral token passes as WM_TOKEN).

User-defined variables

Section titled “User-defined variables”

Variables are used within scripts through two approaches.

Passing variables as parameters

Section titled “Passing variables as parameters”

Variables can be passed as script parameters using the UI-based variable picker. The variable becomes a string formatted as $var:<variable_path> and is replaced by the worker at execution time. Job execution will fail if inherited permissions don’t allow variable access.

Fetching variables within scripts

Section titled “Fetching variables within scripts”

Click + Variable to select a variable from your workspace and retrieve it within the script.

TypeScript:

orvanta.getVariable('u/user/foo');

Python:

orvanta.get_variable("u/user/foo")

Go:

orvanta.GetVariable("u/user/foo")

Bash:

Terminal window
curl -s -H "Authorization: Bearer $WM_TOKEN" \
  "$BASE_INTERNAL_URL/api/w/$WM_WORKSPACE/variables/get/u/user/foo" \
  | jq -r .value

The bash example demonstrates the underlying mechanism: it fetches the secret from the API using the job’s permissions through the ephemeral token passed as an environment variable.