auto-remediation DevOps stackstorm

Stackstorm using Configuration variables in python runner actions

What do you do when you don’t want a caller of the api to know the connection credentials to a service on stackstorm? But also don’t want to have to set these variables in the environment when calling the action from a rule?

You should use pack configuration

Setup your Pack Config Schema

You need to set a pack configuration schema first.

    description: "ip or hostname of fortimail server"
    type: "string"
    required: true
    description: "name of user logging in to fortimail"
    type: "string"
    secret: true
    required: true
    description: "password of user logging in to fortimail"
    type: "string"
    required: true
    secret: true


Configure your Config Interactively

Instead of setting the credentials in a file (IaC) you can configure a pack interactively with:

st2 pack config cloudflare

The generated file will be created at:


Using Pack Configuration  in Actions

You can use config_context to access the pack config variables:

name: "send_sms"
runner_type: "python-script"
description: "This sends an SMS using twilio."
enabled: true
entry_point: ""
        type: "string"
        description: "Your twilio 'from' number in E.164 format. Example +14151234567."
        required: false
        position: 0
        default: "{{config_context.from_number}}"

Get Pack Config from a Python Runner

If you want to get a pack config value from the python runner you can use:

Within def run(self, variable1, variable2):

if self.config.get('hosts', None):
    _hosts = self.config['hosts']
    raise ValueError("Need to define 'hosts' in either action or in config")

Provided you are extending from st2common.runners.base_action.Action