Complete Guide to Retool GitHub Integration and Source Control

Hieu Nguyen
April 16, 2025
15 mins
Complete Guide to Retool GitHub Integration and Source Control

Integrating source control between Retool and GitHub enables robust version management for applications, queries, workflows, and collaborative development. This guide provides a detailed walkthrough of the configuration process, addressing common pitfalls and clarifying technical requirements. By following these steps, teams can implement a secure, audit-friendly workflow with branch protection, pull request reviews, and automated deployments. Integrating Retool source control with GitHub ensures smooth versioning, deployment, and teamwork.

1. Repository Setup for Retool GitHub Integration

Creating a Dedicated GitHub Repository

Begin by initializing a new repository in GitHub with strict isolation from existing projects. Navigate to Your Profile > Repositories > New and configure:

  • Repository name: Enter the name of the new repository
  • Visibility: Private (default for sensitive Retool configurations)
  • Initialize with README: Mandatory to avoid orphaned repository errors.

Retool’s source control integration requires a mainbranch as the canonical source of truth. Setting up a dedicated Retool GitHub App allows secure and scalable API access for your applications. Avoid modifying this branch directly-all changes must flow through protected branches and pull requests.

Configuring the GitHub App for API Access

GitHub Apps provide granular permissions compared to personal access tokens. Create one via GitHub Settings > Developer Settings > GitHub Apps > New GitHub App with these critical settings:

Configuring the GitHub App for API Access

After creation, install the app on the target repository and note two identifiers:

  • App ID: Visible in the app’s general settings.
  • Installation ID: Found in the installation URL (https://github.com/settings/installations/[ID]).

2. Secure Your Retool GitHub Integration with Private Key Authentication

Generating and Encoding the Private Key

From the GitHub App’s Private Keys section, generate a PEM-formatted key. This key must be:

  1. Base64-encoded: Use terminal commands to ensure correct formatting:
# Linux/macOS
base64 -w 0 private-key.pem > encoded-key.txt

# PowerShell
$keyBytes = [System.IO.File]::ReadAllBytes("[private-key].pem")
[System.Convert]::ToBase64String($keyBytes) | Out-File "[encoded-key].txt"
  1. Validate via SHA-256 Hash: GitHub displays the key’s SHA-256 fingerprint upon download. Verify it locally using:
openssl dgst -sha256 -binary [private-key].pem | base64

Mismatches indicate file corruption or encoding errors-regenerate the key if discrepancies occur.

3. Configuring Retool Source Control and Connecting to GitHub

Network and Firewall Requirements

For self-hosted Retool instances behind corporate firewalls, allowlist GitHub’s IP ranges (140.82.112.0/20, 192.30.252.0/22) and Retool’s outbound IPs based on region:

Cloud-hosted Retool organizations must enable Allow access from Retool IPS in GitHub repository settings and have an Enterprise plan.

Connecting Retool to GitHub

In Retool’s Settings > Source Control > GitHub, provide:

  • GitHub App ID: Numeric identifier from the app’s settings.
  • Installation ID: From the installation URL.
  • Base64-encoded Private Key: Contents of encoded-key.txt.
  • Repository: owner/repo-name.

Click Test Connection to validate credentials and network connectivity. Common failures include:

  • Invalid Key Encoding: Retool expects raw Base64 without line breaks.
  • Firewall Blocks: Confirm GitHub’s IP ranges are allowlisted.

Connecting Retool to GitHub properly is critical to avoid sync issues and ensure your Retool GitHub integration works smoothly across environments.

4. Managing Retool Branch Protection and Deployment with GitHub

Protecting Apps and Modules

In Retool’s editor, Protect an app to create a feature branch. This:

  • Locks the main branch against direct edits.
  • Enabling Retool branch protection helps teams enforce code reviews and prevent risky changes from being merged accidentally.
  • Commits the current state to the new branch.
  • Generates a pull request template in GitHub.

Multi-Element Commits

Retool allows atomic commits spanning apps, queries, JavaScript modules, and workflows.

When committing:

  1. Stage related changes across components.
  2. Use semantic commit messages (e.g., feat: Add OAuth2 login workflow).
  3. Push to the remote branch and create a PR via Retool’s Open Pull Request button

Merging and Deployment

After PR approval:

  1. Squash and Merge in GitHub to maintain a linear history.
  2. Retool’s Deployment Dashboard automatically detects the merge and deploys to the linked environment.
  3. Monitor deployment logs for errors like schema mismatches or invalid queries.

5. Troubleshooting Retool GitHub Integration and Sync Issues

Recovering from Sync Failures

If Retool’s deployment fails due to repository drift:

  1. Reset Local Branch: Use git fetch origin && git reset --hard origin/main in Retool instance’s console.
  2. Redeploy Manually: Trigger a sync via Deployment Dashboard > Redeploy.

Auditing and Access Controls

  • GitHub Branch Protection: Enable Require signed commits and Require status checks to enforce code reviews.
  • Retool Permission: Restrict source control configuration to space admins via Setting > Groups > Edit Permissions.

6. Scaling Retool Source Control and CI/CD with GitHub

Monorepo vs. Polyrepo Strategies

CI/CD Pipeline Integration

Extend Retool’s native deployment with GitHub Actions. Adding CI/CD pipelines to your Retool GitHub integration speeds up testing, ensures consistency, and cuts down human errors during production deployments:

name: Retool Deployment Check
on:
  workflow_run:
    workflows: ["Deploy Production"]
    types:
      - completed

jobs:
  post-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Verify Retool Deployment
        run: |
          curl -X POST -H "Authorization: Bearer $RETOOL_API_KEY" \
            https://$RETOOL_INSTANCE/api/deployments/$DEPLOYMENT_ID/verify

Conclusion

Integrating Retool with GitHub source control establishes an enterprise-grade framework for application lifecycle management. By adhering to the authentication protocols, network policies, and merge strategies outlined here, organizations can achieve audit compliance, reduce deployment errors, and streamline collaborative development. Future enhancements may include native support for GitOps workflows and granular permission modeling within Retool’s interface.

Build Powerful Internal Tools with Retool

At Retoolers, we help businesses create custom dashboards, admin panels, client portals, and full workflow automation solutions using Retool. From idea to execution, we’ve got the skills to make it happen.

Let’s build something great together — contact Retoolers today.

Hieu Nguyen
Retool Developer

Request for Quote

We will get back to you soon. As part of our process, you’ll receive a FREE business analysis to assess your needs, followed by a FREE wireframe to visualize the solution. After that, we’ll provide you with the most accurate pricing and the best solution tailored to your business. Stay tuned—we’ll be in touch shortly!

Get a Quote
Developer Avatar
Concerned about the price or unsure how we can help? Let's talk!
Retool Agency Partner
Let's solve it together!
Free Quote
Book a Call
Get a Quote