Skip to main content
Desktop Parameters allow you to configure machine-specific values that automatically populate workflows running on that desktop. This is useful for credentials, file paths, or IDs that are unique to each machine.

The Problem

You have workflows that need different input values depending on which machine runs them:
  • Different login credentials for each machine
  • Machine-specific file paths or configurations
  • Hardware-specific settings or IDs
You can’t hardcode these in your workflow prompts because you don’t always know which machine will be assigned to a run.

The Solution

Set Desktop Parameters on each machine. When a run is assigned to that machine, the parameters automatically populate as input values.

How It Works

  1. Configure Parameters: In the desktop details page, add parameters with names and values in the “Edit” dialog
  2. Use in Workflows: Reference them in prompts using standard syntax: {parameter_name} or {$sensitive_parameter}
  3. Automatic Population: When a run is assigned to this desktop, parameters merge with run input values
  4. Priority: Desktop parameters override run-level input values if both are provided

Example

Setup Desktop Parameters

In the desktop details page, click the “Edit” button in the top right, then configure parameters for Machine A: 
{
  "username": "user_machine_a",
  "api_url": "https://api-region-east.example.com",
  "database_path": "C:\\MachineA\\data.db"
}

Use in Workflow

Log in to the system at {api_url} using username {username}.
Then open the database at {database_path} and run the query.

Result

When this workflow runs on Machine A, the system automatically replaces:
  • {api_url}https://api-region-east.example.com
  • {username}user_machine_a
  • {database_path}C:\\MachineA\\data.db

Sensitive Parameters

For sensitive values like passwords or API keys, mark parameters as “Sensitive”:
  1. In the edit desktop dialog, check the “Sensitive” checkbox when adding a parameter
  2. Enter the sensitive value (it will be obscured as you type)
  3. The value is stored securely in Basis Theory
  4. Use in prompts with sensitive syntax: {$password}

Example with Sensitive Parameters

Desktop parameters: 
{
  "username": "admin_user",
  "$password": "●●●●●●"
}
Workflow prompt: 
Log in using {username} and password {$password}.
The system securely retrieves and injects the password at execution time.

Configuration via SDK

You can also set desktop parameters programmatically: 
from cyberdesk import Cyberdesk

client = Cyberdesk(api_key="your_api_key")

# Update machine with parameters
client.machines.update(
    machine_id="machine-id",
    machine_parameters={
        "username": "machine_specific_user",
        "config_path": "/opt/app/config.json"
    },
    machine_sensitive_parameters={
        "api_key": "actual_secret_value_123",  # Will be stored securely, only revealed at the last mile, never logged
        "password": "actual_password_456"
    }
)

Best Practices

✅ Good Use Cases

  • Machine-specific credentials or API keys
  • Hardware-specific paths or configurations
  • Region-specific URLs or endpoints
  • Machine-assigned identifiers

❌ Avoid

  • Workflow-specific logic (use input values instead)
  • Data that changes frequently (parameters are relatively static)
  • Large datasets (use file attachments instead)

Priority and Overrides

When both run input values and desktop parameters are provided:
  1. Desktop parameters take priority and override run-level inputs
  2. Overridden run-level sensitive values are automatically cleaned up
  3. Desktop parameters persist across runs and are not deleted after execution

Security

  • Sensitive desktop parameters are stored in Basis Theory
  • Values are never displayed in the UI after being saved
  • Only parameter names are visible; values show as ”●●●●●●”
  • Sensitive values are injected at execution time and never logged
  • Desktop parameters are only accessible to runs on that specific machine