Skip to content

Sift Configuration Templating

In a Sift configuration, the value of a configuration parameter may be template expression. A template expression is evaluated when loading the configuration. Sift uses Go's text/template library as the basis for templating. Template expressions are wrapped inside of {{ }}.

We recommend using template expressions to avoid storing secrets in your configuration file, especially if your configuration file is checked into a source code repository. Secrets can be stored in environment variables where Sift is run, and the values can be added to the configuration using a template expression (see Env).

We use this approach in configuration files created in the Configuration Wizard in the UI. Secrets such as authorization tokens are not only sensitive information, but may also be dynamic values that must be provided during each analysis run. Instead of storing authorization secrets in our Platform, the Configuration Wizard uses a template expression as a placeholder for each secret. You provide a value for each secret in an environment variable when running Sift.

Predefined Variables

The following predefined variables are available for use in template expressions.


Env is a map containing environment variables. For example, to use the value of environment variable USER1_AUTH_TOKEN, use the expression {{ .Env.USER1_AUTH_TOKEN }}.