Add the .env

Pandium will give your integration its secrets, tenant settings, and context when it runs on Pandium. You will use a .env to give that information to your integration when it is run locally.

You can read more about the environmental variables Pandium gives your integration during run time.

  1. Add a .env file to the root folder of your integration, so your file structure should look like this:

  ├── build 
  ├── node_modules 
  ├── src     
  │   ├── index.ts
  │   └── lib.ts
  ├── .env
  ├── package.json
  ├── PANDIUM.yaml
  └── tsconfig.json

  1. Add this new .env to your .gitignore. This ensures that the secrets kept there will not be published to a remote repository.

When you connected your tenant on Pandium it installed the Slack App to your Slack workspace. This generated an OAuth access token, which Pandium has saved so your integration can access it when you run the tenant. You need to put that access token in your .env, so let's find its value.

  1. Go to https://api.slack.com/apps.

  2. Under Your Apps, click on your Pokémon of the Day app. This is the one you created to get the client ID and client secret to provision your integration's Slack connector.

  3. On your Slack App's OAuth & Permissions page find the OAuth Tokens for your Workspace section. A Bot User OAuth Token should now be displayed because it was generated when you connected your tenant.

When you created the Pandium record of your integration on the Integration Hub, you clicked Show Secret Keys for the Slack connector and discovered a secret called PAN_SEC_SLACK_OAUTH_ACCESS_TOKEN.

  1. Add the following line to your .env file, replacing the value with your Slack App's Bot User OAuth Token.

PAN_SEC_SLACK_OAUTH_ACCESS_TOKEN = xoxb-....

Part of the context for a Pandium integration is run mode; it can be normal or init.

  1. Add the following line to your .env file:

PAN_CTX_RUN_MODE = normal

  1. To check that your integration is reading from your .env correctly run npm run build && npm run start. Since the package.json's start script is node build/src/, you should see something like this logged:

> pokemon-of-the-day@1.0.0 start
> node build/src/

This run is in mode: normal
------------------------CONFIG------------------------
Config {}
------------------------SECRET------------------------
Secret {
  slack_oauth_access_token: 'xoxb-...'
}
------------------------CONTEXT------------------------
Context { run_mode: 'normal' }
------------------------ENV----------------------------
{...}

The run mode and slack token from the .env have been successfully read!

One difference from what is displayed above is that the secret will be printed in full. Such a log is useful to confirm that you can access that secret from the .env. However it should not be kept because you don't want to accidentally push code that publishes a user's secret.

  1. In the src/index.ts remove the lines where the secrets are logged.

You may have noticed that src/index.ts uses console.error for it logs rather than console.log. When writing an integration to be run on Pandium, console.log should be reserved for the standard out, and all other logs should be written to stderr.

Another difference from what is displayed above is that the environment object will be quite large. It's useful to see what that object gives you access to, but for this integration we will only be using the environmental variables from our .env file.

  1. In the src/index.ts remove the lines where the whole environment object is logged.

The Pokémon Trainer Academy hasn't requested any configs for this integration. That's why we haven't added any PAN_CFG variables to the .env yet, so it makes sense that the config object is still empty.

Let's update the Connections Settings page for the integration to remove the irrelevant configuration options that were displayed when you created your first tenant.

Last updated