Understand Variables and Data Management
The Global AI platform builds its data and variable management strategy on two core architectural principles: workspace-based segregation and secure credential storage. Workspaces create isolated environments that separate data and control permissions granularly across different organizational units. The Vault complements this isolation by serving as a centralized, secure repository for sensitive information. It delivers both workspace-scoped secrets and environment-specific variable management to support diverse deployment scenarios.
Segregation and scope with workspaces
The Workspace serves as the fundamental concept for data organization and security in the platform, acting as a multi-tenant environment where the platform segregates data.
- Segregation: Each workspace maintains in isolation its own Workflows, Modules (sub-workflows), Actions (integrations/scripts), Schedules, Dynamic Forms, and the Vault for credentials. This separation ensures that different departments, such as IT and Finance, don't access each other's content.
- Permissions: The platform manages permissions per workspace, allowing access control to specific entities such as scheduled jobs, automation rules (sources), trigger workflows, and the vault.
Secure storage with the vault
The Vault is an essential resource for secure management of sensitive information, such as credentials.
- Function: It's a secure location to store credentials and variables that automations will use.
- Secrets per Workspace: Enables creating variables, secret or not, that only the workspace where you defined them can access. This resembles GitHub's secrets per repository feature.
- Scope-Dependent Variables (Clusters): The Vault offers the capability to manage different values for the same variable, depending on the deployment environment (for example, clusters). A password for an Amazon Web Services (AWS) cluster can differ from a password for an Azure cluster, with the same variable in the Vault managing both.