A scenario use case is SentinelOne. The site token is unique per client but the version and API are usually cross-tenant values. We enforce the same version of S1 across all clients so being able to change it in one place is valuable. The way I see it working is inheritance with local override. So if there were a variable at the MSP level of a given name, it would pass down to all of the clients that were set to inherit variables. If there were a variable with the same name set at the client level, that would override the global variable. Lots of variations on how this could work, just my first take.
Global Secure Variables
I believe this is already a feature.
NMM>Settings>Integrations>Secure Variables
While there are variables at the MSP level, a Nerdio engineer confirmed for me today they do not inherit down to the client level.
Good call.
It looks like they don't pass through to the account level.
I'm curious now what the intent of those variables would be since they don't pass through.
My only guess would be if you were making use of global Desktop Images. If only my clients were standardized enough for such fun ;)
Haha. If only . . . 😁
@Nerdio if we could do something like $MSPSecureVars.Variable_Name, it would make it really simple to update existing scripts to use the new global variable.
Another option would be to add a drop-down to choose which accounts are assigned the global variable.
Hi Ryan Dorman, DStephenson. The reason that Secure Variables won't get passed on to the customer account level is because they are 'secure'. Sharing them with the customer account level would expose them and make them less secure. But as we're looking for ways to expand the scope for the usage of secure variables, this is valuable information and I totally get your point. I'm thinking inheritance could be an opt-in per entry, would that cause any concerns?
Per-variable inheritance would be the best of all options.... I love that idea.
I would like to see this as well. I have a few scripts that will use the same value for all accounts, i.e. Huntress and my RMM. Inheritance per-entry would be great. The fewer things my techs need to do in account creation the better, and the less likely errors will be made or things forgotten.
Robert Reid, Ryan Dorman, DStephenson. I'd like to share that we're currently working on this, expect to see some additional features coming to Secure Variables soon!
It looks like @Nerdio added a feature in the latest v4.8.0 version of NMM with Inherited Variables!
Scripted Actions - MSP-Level Secure and Inherited Variables – Nerdio Help Center
Scripted Actions - Account-Level Secure and Inherited Variables – Nerdio Help Center
How secure are the Inherited Variables? Some of the variables I want to pass from the MSP level are tokens for applications installed on every client device. Example: the token for our RMM, where all devices are in the same site.
Robert Reid, the Nerdio documentation says "Inherited variables [are] Stored in the Nerdio Manager Database".
I'm hoping someone from Nerdio can verify, but I believe that since NMM is creating the database, and all Azure Databases are encrypted by default, it should be secure. Obviously, if someone manually adds access/connections to the SQL Server or SQL database, that won't be 100% true, but out of the box, it should be secure. 🤓
DStephenson, that actually helps. I will double check with my Team that they agree this should be safe, but this will make the chance for human error so much smaller.
I was testing with the Inherited variables and our purpose is to pass a user and pwd to a script which downloads some files from a private GitHub repo. When executing the script, the inherited vars are displayed as plain text in the logging, so they're visible to everyone who has access to the logs from Nerdio. It would be nice if the inherited vars could be secured so only admins can read/change them.
+1 for the need to have Inherited Secured Variables. My example is storing info for Sophos Endpoint Installation. Some info is Partner level (MSP), other info is Customer / Tenant level. Aside from the internal use of the variables, Inherited Variables make more sense as they can be defined in one place (MSP) and don't have to be manually recreated at the Customer level, which is a great benefit.