How to Secure Retool
Step-by-step guide to securing your Retool internal tools and admin panels.
Retool Security Context
Retool connects directly to your databases and APIs to build internal tools. Proper RBAC configuration, database permissions, and credential management are essential to prevent unauthorized data access.
Security Checklist
Configure database permissions
Critical: Use read-only connections where write access is not needed.
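A read-only database role for a Retool resource, as an added example that is not part of the original guide. It assumes PostgreSQL; the role, database, schema and table names are placeholders.

```sql
-- Added example (not from the original page). Assumes PostgreSQL and a
-- superuser session; retool_readonly, app_db, orders and customers are
-- placeholder names.

-- 1. A dedicated login role for the Retool resource with no write privileges.
--    The password itself should come from a secret manager, not this script.
CREATE ROLE retool_readonly LOGIN PASSWORD '<set-from-secret-manager>';

-- 2. Allow connecting to the database and using the schema, nothing more.
GRANT CONNECT ON DATABASE app_db TO retool_readonly;
GRANT USAGE ON SCHEMA public TO retool_readonly;

-- 3. SELECT only, and only on the tables the internal tool actually needs.
GRANT SELECT ON TABLE public.orders, public.customers TO retool_readonly;

-- If the tool needs every current and future table in the schema instead,
-- grant schema-wide and set default privileges so new tables are covered:
-- GRANT SELECT ON ALL TABLES IN SCHEMA public TO retool_readonly;
-- ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO retool_readonly;

-- 4. Defence in depth: read-only transactions by default and a statement
--    timeout for this role. (A session can still issue SET TRANSACTION
--    READ WRITE, so the GRANTs above remain the real control.)
ALTER ROLE retool_readonly SET default_transaction_read_only = on;
ALTER ROLE retool_readonly SET statement_timeout = '30s';

-- 5. Verify: as the new role, reads succeed and writes are refused.
SET ROLE retool_readonly;
SELECT count(*) FROM public.orders;        -- succeeds
UPDATE public.orders SET status = 'x';     -- ERROR: permission denied for table orders
RESET ROLE;
```

Point the Retool resource at retool_readonly; any app that genuinely needs writes gets a separate role with only the INSERT/UPDATE grants it requires.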
Implement RBAC
Critical: Set up role-based access control for internal tools.
Secure API credentials
Critical: Store API keys and credentials securely in Retool resources.
Review query permissions
Critical: Control which users can run which database queries.
Enable SSO
Configure Single Sign-On for enterprise security.
Configure audit logging
Enable audit logs for compliance and monitoring.
Review resource access
Audit which apps can access which data sources.
Configure IP allowlisting
Restrict access to trusted IP addresses.
Enable 2FA
Require two-factor authentication for all users.
Review custom JavaScript
Audit any custom JavaScript transformers.
Configure environment variables
Use environment variables for sensitive data.
Review webhook security
Secure any exposed webhooks.
Configure data retention
Set appropriate data retention policies.
Review embedded apps
Secure any embedded Retool apps.
Test user permissions
Verify RBAC works correctly for all roles.
Run security scan
Use VibeEval to scan your application.