From 5d5f455b3c31124e274692d058c8808dd4753d75 Mon Sep 17 00:00:00 2001
From: Katherine <katherine_15995@163.com>
Date: Wed, 8 Jan 2025 09:32:49 +0800
Subject: [PATCH] feat: supports configuring dynamic environment variables and
 secrets (#5966)

* feat: environments plugin

* feat: improve code

* fix: improve code

* feat: improve code

* refactor: package description

* feat: bulk import

* fix: remove

* refactor: file manager support environment variables

* refactor: file manager support environment variables

* refactor: map manager support environment variables

* refactor: support environment variables

* refactor: support environment variables

* refactor: support delete environment variables

* fix: bug

* refactor: workflow support environment variables

* refactor: email  environment variables

* refactor: support bulk import

* refactor: support bulk import

* refactor: support bulk import

* refactor: support bulk import

* refactor: code improve

* feat: env

* chore: update

* feat: environment

* fix: bug

* fix: acl snippet

* fix: acl snippets

* chore: map manager

* refactor: support line break

* refactor: support password

* chore: environment variables

* fix: bug

* fix: bug

* chore: enviroment variables

* chore: system settings

* fix: improve code

* feat: verification

* feat: map

* feat: file-manager

* feat: notification

* fix: bug

* feat: workflow

* fix: improve code

* fix: bug

* feat: data-source

* feat: auth

* fix: error

* fix: bug

* refactor: description

* refactor: locale

* refactor: locale

* refactor: locale

* refactor: code improve

* refactor: locale

* refactor: locale

* style: style improve

* fix: error

* fix: bug

* fix: bug

* refactor: environment

* fix: ellipsis

* refactor: password

* fix: bug

* fix: bug

* fix: bug

* fix: bug

* fix: bug

* chore: test

* fix: cache

* fix: mysql dialect options

* refactor: email config form

* fix: bug

* fix: bug

* fix: authenticator.dataValues parse

* fix: include undefined

* fix: json

* fix: json parse

* chore: enviromentProvider

* fix: acl

* fix: rowKey

* fix: update ProviderOptions.tsx

* feat: get app instance

* fix: bug

* fix: text

* fix: build error

* fix: error

* chore: migration rules options

* chore: migration rules

* refactor: code improve

* feat: env v2

* chore: environment varibales

* chore: environment serve

* fix: getVariables

* feat: improve code

* fix: bug

* chore: collection options for migration

* chore: tree collection options

* chore: migration rules

* chore: migration rules

* chore: env api

* chore: env api

* fix: optionsKeysNotAllowedInEnv

* fix: required true

* fix: improve code

* fix: app refresh

* fix: remove db.import

* fix: type error

* fix: map

* refactor: locale improve

* refactor: tx-cos

* fix: undefined

* refactor: code improve

* chore: use bookworm

* fix: npm add user

* fix: npm login

* fix: npm adduser

* fix: npm adduser

* fix: expect

* fix: expect

* fix: environmentVariables

* refactor: support bulk delete & filter

* refactor: locale improve

* feat: filter

* refactor: useGlobalVariable

* fix: scope

* fix: bug

* fix: optionsKeysNotAllowedInEnv

* fix: test error

* fix: test

* fix: test

* feat: improve code

---------

Co-authored-by: chenos <chenlinxh@gmail.com>
Co-authored-by: Chareice <chareice@live.com>
---
 .gitignore                                    |  14 -
 Dockerfile                                    |  17 +-
 docker/nocobase/Dockerfile                    |   4 +-
 lerna.json                                    |   4 +-
 packages/core/auth/src/auth.ts                |   4 +
 .../client/src/application/Application.tsx    |   9 +
 .../client/src/application/hooks/index.ts     |   1 +
 .../application/hooks/useGlobalVariable.ts    |  31 ++
 .../Input/inputComponentSettings.tsx          |   2 +-
 .../src/schema-component/antd/input/Json.tsx  |  15 +-
 .../antd/variable/TextArea.tsx                |  18 +-
 .../antd/variable/TextAreaWithGlobalScope.tsx |  61 +++
 .../schema-component/antd/variable/index.ts   |   1 +
 .../SystemSettingsProvider.tsx                |   7 +-
 .../SystemSettingsShortcut.tsx                |   9 +-
 .../src/variables/VariablesProvider.tsx       |   1 -
 .../src/collection-manager.ts                 |   8 +-
 .../data-source-manager/src/collection.ts     |   4 +-
 .../src/data-source-factory.ts                |  14 +-
 .../src/data-source-manager.ts                |   5 +-
 .../data-source-manager/src/data-source.ts    |  13 +-
 .../src/sequelize-collection-manager.ts       |   6 +
 .../core/data-source-manager/src/types.ts     |   6 +
 .../src/__tests__/underscored-options.test.ts |   2 +-
 packages/core/database/src/collection.ts      |   5 +-
 packages/core/database/src/database.ts        |   1 +
 .../database/src/dialects/mysql-dialect.ts    |   6 +
 .../src/fields/belongs-to-many-field.ts       |   3 +
 packages/core/server/src/application.ts       |   8 +
 packages/core/server/src/environment.ts       |  47 ++
 .../server/src/helpers/application-version.ts |   1 +
 .../src/plugin-manager/options/collection.ts  |   1 +
 packages/core/test/src/server/index.ts        |   1 +
 .../src/server/collections/roles-users.ts     |   2 +
 .../src/server/collections/roles.ts           |   2 +
 .../src/server/collections/rolesResources.ts  |   1 +
 .../collections/rolesResourcesActions.ts      |   1 +
 .../collections/rolesResourcesScopes.ts       |   1 +
 .../src/server/collections/users.ts           |   1 +
 .../CustomRequestActionDesigner.tsx           |  17 +-
 .../hooks/useCustomRequestVariableOptions.ts  |   5 +-
 .../src/server/actions/send.ts                |   3 +-
 .../src/server/collections/customRequest.ts   |   1 +
 .../server/collections/customRequestsRoles.ts |   1 +
 .../src/server/plugin.ts                      |   5 +-
 .../src/collections/apiKeys.ts                |   1 +
 .../src/server/collections/auditLogs.ts       |   1 +
 .../src/server/collections/authenticators.ts  |   1 +
 .../src/server/collections/token-blacklist.ts |   1 +
 .../collections/users-authenticators.ts       |   1 +
 .../plugin-auth/src/server/plugin.ts          |   4 +-
 .../plugin-auth/src/server/storer.ts          |  39 +-
 .../src/server/collections/iframe-html.ts     |   1 +
 .../plugin-client/src/server/server.ts        |  12 +-
 .../src/server/plugin.ts                      |   4 +
 .../collections/collectionCategories.ts       |   1 +
 .../src/server/collections/collections.ts     |   1 +
 .../src/server/collections/fields.ts          |   1 +
 .../src/server/server.ts                      |   9 +-
 .../collections/data-sources-collections.ts   |   1 +
 .../server/collections/data-sources-fields.ts |   1 +
 .../data-sources-roles-resources-actions.ts   |   1 +
 .../data-sources-roles-resources-scopes.ts    |   1 +
 .../data-sources-roles-resources.ts           |   1 +
 .../server/collections/data-sources-roles.ts  |   1 +
 .../src/server/collections/data-sources.ts    |   1 +
 .../src/server/models/data-source.ts          |  10 +-
 .../src/server/plugin.ts                      |  10 +-
 .../plugin-environment-variables/.npmignore   |   2 +
 .../plugin-environment-variables/README.md    |   1 +
 .../plugin-environment-variables/client.d.ts  |   2 +
 .../plugin-environment-variables/client.js    |   1 +
 .../plugin-environment-variables/package.json |  18 +
 .../plugin-environment-variables/server.d.ts  |   2 +
 .../plugin-environment-variables/server.js    |   1 +
 ...EnvironmentVariablesAndSecretsProvider.tsx |  36 ++
 .../src/client/client.d.ts                    | 249 +++++++++
 .../src/client/components/EnvironmentPage.tsx |  15 +
 .../src/client/components/EnvironmentTabs.tsx | 510 ++++++++++++++++++
 .../src/client/index.tsx                      |  27 +
 .../src/client/locale.ts                      |  21 +
 .../src/client/utils.ts                       |  33 ++
 .../plugin-environment-variables/src/index.ts |  11 +
 .../src/locale/en-US.json                     |   1 +
 .../src/locale/zh-CN.json                     |  16 +
 .../plugin-environment-variables/src/re.ts    |  10 +
 .../src/server/AesEncryptor.tsx               |  76 +++
 .../src/server/collections/.gitkeep           |   0
 .../collections/environmentVariables.ts       |  35 ++
 .../src/server/index.ts                       |  10 +
 .../src/server/plugin.ts                      | 175 ++++++
 .../src/server/collections/chinaRegions.ts    |   1 +
 .../src/server/collections/sequences.ts       |   1 +
 .../src/client/StorageOptions.tsx             |  28 +-
 .../src/client/schemas/storage.ts             |   4 +-
 .../client/schemas/storageTypes/ali-oss.tsx   |  11 +-
 .../src/client/schemas/storageTypes/s3.ts     |  11 +-
 .../client/schemas/storageTypes/tx-cos.tsx    |  13 +-
 .../src/client/templates/file.ts              |   2 +-
 .../src/server/actions/attachments.ts         |   9 +-
 .../src/server/collections/attachments.ts     |   1 +
 .../src/server/collections/storages.ts        |   1 +
 .../plugin-file-manager/src/server/server.ts  |  24 +-
 .../src/server/collections/graphPositions.ts  |   1 +
 .../server/collections/localization-texts.ts  |   1 +
 .../collections/localization-translations.ts  |   1 +
 .../src/client/components/Configuration.tsx   |  32 +-
 .../src/client/components/GoogleMaps/Map.tsx  |   2 +-
 .../src/client/hooks/useMapConfiguration.ts   |  10 +-
 .../@nocobase/plugin-map/src/client/index.tsx |   2 +-
 .../plugin-map/src/locale/en-US.json          |   2 +-
 .../plugin-map/src/locale/ja-JP.json          |   2 +-
 .../plugin-map/src/locale/ko-KR.json          |   2 +-
 .../plugin-map/src/locale/pt-BR.json          |   2 +-
 .../plugin-map/src/locale/zh-CN.json          |   2 +-
 .../plugin-map/src/server/actions/index.ts    |   6 +-
 .../server/collections/mapConfiguration.ts    |   1 +
 .../@nocobase/plugin-map/src/server/plugin.ts |   7 +-
 .../src/server/collections/mobileRoutes.ts    |   1 +
 .../src/server/collections/applications.ts    |   1 +
 .../src/client/ConfigForm.tsx                 |  52 +-
 .../src/types/messages.ts                     |   1 +
 .../src/collections/channel.ts                |   1 +
 .../src/collections/messageLog.ts             |   1 +
 .../src/server/collections/channels.ts        |   4 +-
 .../src/server/collections/messageLogs.ts     |   4 +-
 .../src/server/manager.ts                     |  10 +-
 .../plugin-notifications/src/server/server.ts |   7 +-
 .../src/client/collections/publicForms.ts     |   3 +-
 .../client/components/AdminPublicFormPage.tsx |  41 +-
 .../src/server/collections/publicForms.ts     |   1 +
 .../plugin-public-forms/src/server/plugin.ts  |   2 +-
 .../src/server/collections/systemSettings.ts  |   1 +
 .../src/server/server.ts                      |  43 +-
 .../src/server/collections/theme-config.ts    |   1 +
 .../server/collections/uiSchemaServerHooks.ts |   1 +
 .../server/collections/uiSchemaTemplates.ts   |   1 +
 .../server/collections/uiSchemaTreePath.ts    |   1 +
 .../src/server/collections/uiSchemas.ts       |   1 +
 .../user-data-sync-records-resources.ts       |   1 +
 .../collections/user-data-sync-records.ts     |   1 +
 .../collections/user-data-sync-sources.ts     |   1 +
 .../collections/user-data-sync-tasks.ts       |   1 +
 .../src/server/collections/users.ts           |   1 +
 .../src/client/providerTypes/sms-aliyun.ts    |  11 +-
 .../src/client/providerTypes/sms-tencent.ts   |  15 +-
 .../src/server/__tests__/Plugin.test.ts       |   2 +-
 .../src/server/__tests__/index.ts             |  15 +-
 .../src/server/collections/verifications.ts   |   1 +
 .../collections/verifications_providers.ts    |   1 +
 .../src/server/providers/Provider.ts          |   7 +-
 .../src/server/collections/1-users_jobs.ts    |   1 +
 .../plugin-workflow/src/client/variable.tsx   |  13 +-
 .../plugin-workflow/src/server/Processor.ts   |   1 +
 .../src/server/collections/executions.ts      |   1 +
 .../src/server/collections/flow_nodes.ts      |   1 +
 .../src/server/collections/jobs.ts            |   1 +
 .../src/server/collections/workflows.ts       |   1 +
 packages/presets/nocobase/package.json        |   2 +
 storage/.gitignore                            |  14 +-
 storage/verdaccio/config.yaml                 | 213 --------
 storage/verdaccio/htpasswd                    |   1 -
 162 files changed, 1902 insertions(+), 486 deletions(-)
 create mode 100644 packages/core/client/src/application/hooks/useGlobalVariable.ts
 create mode 100644 packages/core/client/src/schema-component/antd/variable/TextAreaWithGlobalScope.tsx
 create mode 100644 packages/core/server/src/environment.ts
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/.npmignore
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/README.md
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/client.d.ts
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/client.js
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/package.json
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/server.d.ts
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/server.js
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/client/EnvironmentVariablesAndSecretsProvider.tsx
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/client/client.d.ts
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/client/components/EnvironmentPage.tsx
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/client/components/EnvironmentTabs.tsx
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/client/index.tsx
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/client/locale.ts
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/client/utils.ts
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/index.ts
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/locale/en-US.json
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/locale/zh-CN.json
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/re.ts
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/server/AesEncryptor.tsx
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/server/collections/.gitkeep
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/server/collections/environmentVariables.ts
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/server/index.ts
 create mode 100644 packages/plugins/@nocobase/plugin-environment-variables/src/server/plugin.ts
 delete mode 100644 storage/verdaccio/config.yaml
 delete mode 100644 storage/verdaccio/htpasswd

diff --git a/.gitignore b/.gitignore
index 63dd4bf4ff..4ff2ca8a8b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,27 +20,13 @@ docs-dist/
 dist/
 docker/**/storage
 cache/diskstore-*
-*.nbdump
-storage/duplicator/*
-storage/backups/*
 **/.dumi/tmp
 **/.dumi/tmp-test
 **/.dumi/tmp-production
 packages/core/client/docs/contributing.md
 packages/core/app/client/src/.plugins
-storage/plugins
-storage/tar
-storage/tmp
-storage/print-templates
-storage/cache
-storage/app.watch.ts
-storage/.upgrading
-storage/logs-e2e
-storage/uploads-e2e
-storage/.pm2-*
 tsconfig.paths.json
 /playwright
-/storage/playwright
 .swc
 ncc-cache/
 yarn--**
diff --git a/Dockerfile b/Dockerfile
index a94d3e8f45..662dfdbdb2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:20.13-bullseye as builder
+FROM node:20-bookworm as builder
 ARG VERDACCIO_URL=http://host.docker.internal:10104/
 ARG COMMIT_HASH
 ARG APPEND_PRESET_LOCAL_PLUGINS
@@ -7,10 +7,17 @@ ARG PLUGINS_DIRS
 
 ENV PLUGINS_DIRS=${PLUGINS_DIRS}
 
+RUN apt-get update && apt-get install -y jq expect
 
-RUN npx npm-cli-adduser --username test --password test -e test@nocobase.com -r $VERDACCIO_URL
+RUN expect <<EOD
+spawn npm adduser --registry $VERDACCIO_URL
+expect {
+  "Username:" {send "test\r"; exp_continue}
+  "Password:" {send "test\r"; exp_continue}
+  "Email: (this IS public)" {send "test@nocobase.com\r"; exp_continue}
+}
+EOD
 
-RUN apt-get update && apt-get install -y jq
 WORKDIR /tmp
 COPY . /tmp
 RUN  yarn install && yarn build --no-dts
@@ -47,12 +54,12 @@ RUN cd /app \
   && tar -zcf ./nocobase.tar.gz -C /app/my-nocobase-app .
 
 
-FROM node:20.13-bullseye-slim
+FROM node:20-bookworm-slim
 
 RUN apt-get update && apt-get install -y --no-install-recommends wget gnupg \
   && rm -rf /var/lib/apt/lists/*
 
-RUN sh -c 'echo "deb http://mirrors.ustc.edu.cn/postgresql/repos/apt bullseye-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
+RUN sh -c 'echo "deb http://mirrors.ustc.edu.cn/postgresql/repos/apt bookworm-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
 RUN wget --quiet -O - http://mirrors.ustc.edu.cn/postgresql/repos/apt/ACCC4CF8.asc | apt-key add -
 
 RUN apt-get update && apt-get -y --no-install-recommends install nginx libaio1 postgresql-client-16 postgresql-client-17 \
diff --git a/docker/nocobase/Dockerfile b/docker/nocobase/Dockerfile
index 41841cb7d5..f81c515592 100644
--- a/docker/nocobase/Dockerfile
+++ b/docker/nocobase/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:18-bullseye-slim as builder
+FROM node:20-bookworm-slim as builder
 
 ARG CNA_VERSION
 
@@ -14,7 +14,7 @@ RUN cd /app \
   && rm -rf nocobase.tar.gz \
   && tar -zcf ./nocobase.tar.gz -C /app/my-nocobase-app .
 
-FROM node:18-bullseye-slim
+FROM node:20-bookworm-slim
 
 # COPY ./sources.list /etc/apt/sources.list
 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
diff --git a/lerna.json b/lerna.json
index d2dd1e12e9..129fb50861 100644
--- a/lerna.json
+++ b/lerna.json
@@ -2,9 +2,7 @@
   "version": "1.6.0-alpha.9",
   "npmClient": "yarn",
   "useWorkspaces": true,
-  "npmClientArgs": [
-    "--ignore-engines"
-  ],
+  "npmClientArgs": ["--ignore-engines"],
   "command": {
     "version": {
       "forcePublish": true,
diff --git a/packages/core/auth/src/auth.ts b/packages/core/auth/src/auth.ts
index 7c1de54a4e..b0622576ee 100644
--- a/packages/core/auth/src/auth.ts
+++ b/packages/core/auth/src/auth.ts
@@ -31,6 +31,10 @@ interface IAuth {
 }
 
 export abstract class Auth implements IAuth {
+  /**
+   * options keys that are not allowed to use environment variables
+   */
+  public static optionsKeysNotAllowedInEnv: string[];
   abstract user: Model;
   protected authenticator: Authenticator;
   protected options: {
diff --git a/packages/core/client/src/application/Application.tsx b/packages/core/client/src/application/Application.tsx
index f66810ace7..f4062bda93 100644
--- a/packages/core/client/src/application/Application.tsx
+++ b/packages/core/client/src/application/Application.tsx
@@ -99,6 +99,7 @@ export class Application {
   public schemaSettingsManager: SchemaSettingsManager;
   public dataSourceManager: DataSourceManager;
   public name: string;
+  public globalVars: Record<string, any> = {};
 
   loading = true;
   maintained = false;
@@ -465,4 +466,12 @@ export class Application {
       componentOption,
     );
   }
+
+  addGlobalVar(key: string, value: any) {
+    set(this.globalVars, key, value);
+  }
+
+  getGlobalVar(key) {
+    return get(this.globalVars, key);
+  }
 }
diff --git a/packages/core/client/src/application/hooks/index.ts b/packages/core/client/src/application/hooks/index.ts
index e7d4f06ee0..57fb89faff 100644
--- a/packages/core/client/src/application/hooks/index.ts
+++ b/packages/core/client/src/application/hooks/index.ts
@@ -11,3 +11,4 @@ export * from './useApp';
 export * from './useAppSpin';
 export * from './usePlugin';
 export * from './useRouter';
+export * from './useGlobalVariable';
diff --git a/packages/core/client/src/application/hooks/useGlobalVariable.ts b/packages/core/client/src/application/hooks/useGlobalVariable.ts
new file mode 100644
index 0000000000..1ef7ef76d1
--- /dev/null
+++ b/packages/core/client/src/application/hooks/useGlobalVariable.ts
@@ -0,0 +1,31 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+import { isFunction } from 'lodash';
+import { useMemo } from 'react';
+import { useApp } from './';
+
+export const useGlobalVariable = (key: string) => {
+  const app = useApp();
+
+  const variable = useMemo(() => {
+    return app.getGlobalVar(key);
+  }, [app, key]);
+
+  if (isFunction(variable)) {
+    try {
+      return variable();
+    } catch (error) {
+      console.error(`Error calling global variable function for key: ${key}`, error);
+      return undefined;
+    }
+  }
+
+  return variable;
+};
diff --git a/packages/core/client/src/modules/fields/component/Input/inputComponentSettings.tsx b/packages/core/client/src/modules/fields/component/Input/inputComponentSettings.tsx
index deae4f1a29..8f53455a71 100644
--- a/packages/core/client/src/modules/fields/component/Input/inputComponentSettings.tsx
+++ b/packages/core/client/src/modules/fields/component/Input/inputComponentSettings.tsx
@@ -72,7 +72,7 @@ export const enableLinkSettingsItem: SchemaSettingsItemType = {
     const { fieldSchema: columnSchema } = useColumnSchema();
     const schema = useFieldSchema();
     const fieldSchema = columnSchema || schema;
-    const { name } = useBlockContext();
+    const { name } = useBlockContext() || {};
     return name !== 'kanban' && (fieldSchema?.['x-read-pretty'] || field.readPretty);
   },
   useComponentProps() {
diff --git a/packages/core/client/src/schema-component/antd/input/Json.tsx b/packages/core/client/src/schema-component/antd/input/Json.tsx
index 5d5a5510c2..eb1a66c9b0 100644
--- a/packages/core/client/src/schema-component/antd/input/Json.tsx
+++ b/packages/core/client/src/schema-component/antd/input/Json.tsx
@@ -7,13 +7,13 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
+import { css, cx } from '@emotion/css';
 import { Field } from '@formily/core';
 import { useField } from '@formily/react';
 import { Input } from 'antd';
 import { TextAreaProps } from 'antd/es/input';
-import React, { useState, useEffect, Ref } from 'react';
-import { cx, css } from '@emotion/css';
 import JSON5 from 'json5';
+import React, { Ref, useEffect, useState } from 'react';
 
 export type JSONTextAreaProps = TextAreaProps & { value?: string; space?: number; json5?: boolean };
 
@@ -30,7 +30,16 @@ export const Json = React.forwardRef<typeof Input.TextArea, JSONTextAreaProps>(
     useEffect(() => {
       try {
         if (value != null) {
-          setText(_JSON.stringify(value, null, space));
+          if (typeof value === 'string') {
+            try {
+              _JSON.parse(value);
+              setText(value);
+            } catch (error) {
+              setText(_JSON.stringify(value, null, space));
+            }
+          } else {
+            setText(_JSON.stringify(value, null, space));
+          }
         } else {
           setText(undefined);
         }
diff --git a/packages/core/client/src/schema-component/antd/variable/TextArea.tsx b/packages/core/client/src/schema-component/antd/variable/TextArea.tsx
index 519e814866..0c0b127468 100644
--- a/packages/core/client/src/schema-component/antd/variable/TextArea.tsx
+++ b/packages/core/client/src/schema-component/antd/variable/TextArea.tsx
@@ -223,7 +223,7 @@ function useVariablesFromValue(value: string, delimiters: [string, string] = ['{
 
 export function TextArea(props) {
   const { wrapSSR, hashId, componentCls } = useStyles();
-  const { scope, onChange, changeOnSelect, style, fieldNames, delimiters = ['{{', '}}'] } = props;
+  const { scope, onChange, changeOnSelect, style, fieldNames, delimiters = ['{{', '}}'], addonBefore } = props;
   const value = typeof props.value === 'string' ? props.value : props.value == null ? '' : props.value.toString();
   const variables = useVariablesFromValue(value, delimiters);
   const inputRef = useRef<HTMLDivElement>(null);
@@ -397,7 +397,6 @@ export function TextArea(props) {
     },
     [onChange, delimitersString],
   );
-
   const disabled = props.disabled || form.disabled;
   return wrapSSR(
     <Space.Compact
@@ -410,6 +409,8 @@ export function TextArea(props) {
             flex-grow: 1;
             min-width: 200px;
             word-break: break-all;
+            border-top-left-radius: ${addonBefore ? '0px' : '6px'};
+            border-bottom-left-radius: ${addonBefore ? '0px' : '6px'};
           }
           .ant-input-disabled {
             .ant-tag {
@@ -424,6 +425,19 @@ export function TextArea(props) {
         `,
       )}
     >
+      {addonBefore && (
+        <div
+          className={css`
+            background: rgba(0, 0, 0, 0.02);
+            border: 1px solid rgb(217, 217, 217);
+            padding: 0px 11px;
+            border-radius: 6px 0px 0px 6px;
+            border-right: 0px;
+          `}
+        >
+          {addonBefore}
+        </div>
+      )}
       <div
         role="button"
         aria-label="textbox"
diff --git a/packages/core/client/src/schema-component/antd/variable/TextAreaWithGlobalScope.tsx b/packages/core/client/src/schema-component/antd/variable/TextAreaWithGlobalScope.tsx
new file mode 100644
index 0000000000..124be3dca0
--- /dev/null
+++ b/packages/core/client/src/schema-component/antd/variable/TextAreaWithGlobalScope.tsx
@@ -0,0 +1,61 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+import React, { useMemo } from 'react';
+import { connect, mapReadPretty } from '@formily/react';
+import { TextArea } from './TextArea';
+import { RawTextArea } from './RawTextArea';
+import { Password } from '../password';
+import { Variable } from './Variable';
+import { Input } from '../input';
+import { useGlobalVariable } from '../../../application/hooks/useGlobalVariable';
+
+export const useEnvironmentVariableOptions = (scope) => {
+  const environmentVariables = useGlobalVariable('$env');
+  return useMemo(() => {
+    if (environmentVariables) {
+      return [environmentVariables].filter(Boolean);
+    }
+    return scope;
+  }, [environmentVariables, scope]);
+};
+
+const isVariable = (value) => {
+  const regex = /{{.*?}}/;
+  return regex.test(value);
+};
+interface TextAreaWithGlobalScopeProps {
+  supportsLineBreak?: boolean;
+  password?: boolean;
+  number?: boolean;
+  boolean?: boolean;
+  value?: any;
+  scope?: string | object;
+  [key: string]: any;
+}
+
+export const TextAreaWithGlobalScope = connect((props: TextAreaWithGlobalScopeProps) => {
+  const { supportsLineBreak, password, number, boolean, ...others } = props;
+  const scope = useEnvironmentVariableOptions(props.scope);
+  const fieldNames = { value: 'name', label: 'title' };
+
+  if (supportsLineBreak) {
+    return <RawTextArea {...others} scope={scope} fieldNames={fieldNames} rows={3} />;
+  }
+  if (number) {
+    return <Variable.Input {...props} scope={scope} fieldNames={fieldNames} />;
+  }
+  if (password && props.value && !isVariable(props.value)) {
+    return <Password {...others} autoFocus />;
+  }
+  if (boolean) {
+    return <Variable.Input {...props} scope={scope} fieldNames={fieldNames} />;
+  }
+  return <TextArea {...others} scope={scope} fieldNames={fieldNames} />;
+}, mapReadPretty(Input.ReadPretty));
diff --git a/packages/core/client/src/schema-component/antd/variable/index.ts b/packages/core/client/src/schema-component/antd/variable/index.ts
index 0e7830cc5e..a67135fb93 100644
--- a/packages/core/client/src/schema-component/antd/variable/index.ts
+++ b/packages/core/client/src/schema-component/antd/variable/index.ts
@@ -8,3 +8,4 @@
  */
 
 export * from './Variable';
+export { TextAreaWithGlobalScope } from './TextAreaWithGlobalScope';
diff --git a/packages/core/client/src/system-settings/SystemSettingsProvider.tsx b/packages/core/client/src/system-settings/SystemSettingsProvider.tsx
index 64492e480f..f5b6f479fa 100644
--- a/packages/core/client/src/system-settings/SystemSettingsProvider.tsx
+++ b/packages/core/client/src/system-settings/SystemSettingsProvider.tsx
@@ -11,7 +11,7 @@ import { Result } from 'ahooks/es/useRequest/src/types';
 import React, { createContext, ReactNode, useContext } from 'react';
 import { useRequest } from '../api-client';
 
-export const SystemSettingsContext = createContext<Result<any, any>>(null);
+export const SystemSettingsContext = createContext<Result<any, any> | any>(null);
 SystemSettingsContext.displayName = 'SystemSettingsContext';
 
 export const useSystemSettings = () => {
@@ -20,8 +20,7 @@ export const useSystemSettings = () => {
 
 export const SystemSettingsProvider: React.FC<{ children?: ReactNode }> = (props) => {
   const result = useRequest({
-    url: 'systemSettings:get/1?appends=logo',
+    url: 'systemSettings:get',
   });
-
-  return <SystemSettingsContext.Provider value={result}>{props.children}</SystemSettingsContext.Provider>;
+  return <SystemSettingsContext.Provider value={{ ...result }}>{props.children}</SystemSettingsContext.Provider>;
 };
diff --git a/packages/core/client/src/system-settings/SystemSettingsShortcut.tsx b/packages/core/client/src/system-settings/SystemSettingsShortcut.tsx
index 2ea3dc9b1a..a0d2db2ab6 100644
--- a/packages/core/client/src/system-settings/SystemSettingsShortcut.tsx
+++ b/packages/core/client/src/system-settings/SystemSettingsShortcut.tsx
@@ -60,7 +60,7 @@ const useSaveSystemSettingsValues = () => {
         },
       });
       await api.request({
-        url: 'systemSettings:update/1',
+        url: 'systemSettings:put',
         method: 'post',
         data: values,
       });
@@ -88,11 +88,14 @@ const schema: ISchema = {
       type: 'void',
       title: '{{t("System settings")}}',
       properties: {
-        title: {
+        raw_title: {
           type: 'string',
           title: "{{t('System title')}}",
           'x-decorator': 'FormItem',
-          'x-component': 'Input.TextArea',
+          'x-component': 'TextAreaWithGlobalScope',
+          'x-component-props': {
+            supportsLineBreak: true,
+          },
           required: true,
         },
         logo: {
diff --git a/packages/core/client/src/variables/VariablesProvider.tsx b/packages/core/client/src/variables/VariablesProvider.tsx
index 50a02cb00f..2c13c69de5 100644
--- a/packages/core/client/src/variables/VariablesProvider.tsx
+++ b/packages/core/client/src/variables/VariablesProvider.tsx
@@ -59,7 +59,6 @@ const VariablesProvider = ({ children, filterVariables }: any) => {
   const { getCollectionJoinField, getCollection } = useCollectionManager_deprecated();
   const compile = useCompile();
   const { builtinVariables } = useBuiltInVariables();
-
   const setCtx = useCallback((ctx: Record<string, any> | ((prev: Record<string, any>) => Record<string, any>)) => {
     if (_.isFunction(ctx)) {
       ctxRef.current = ctx(ctxRef.current);
diff --git a/packages/core/data-source-manager/src/collection-manager.ts b/packages/core/data-source-manager/src/collection-manager.ts
index 30d39b8471..e276d9d3ab 100644
--- a/packages/core/data-source-manager/src/collection-manager.ts
+++ b/packages/core/data-source-manager/src/collection-manager.ts
@@ -8,6 +8,8 @@
  */
 
 import { Collection } from './collection';
+import { DataSource } from './data-source';
+import { Repository } from './repository';
 import {
   CollectionOptions,
   ICollection,
@@ -16,8 +18,6 @@ import {
   IRepository,
   MergeOptions,
 } from './types';
-import { DataSource } from './data-source';
-import { Repository } from './repository';
 
 export class CollectionManager implements ICollectionManager {
   public dataSource: DataSource;
@@ -35,6 +35,10 @@ export class CollectionManager implements ICollectionManager {
     });
   }
 
+  setDataSource(dataSource: DataSource) {
+    this.dataSource = dataSource;
+  }
+
   /* istanbul ignore next -- @preserve */
   getRegisteredFieldType(type) {}
 
diff --git a/packages/core/data-source-manager/src/collection.ts b/packages/core/data-source-manager/src/collection.ts
index d4ed2c870d..ae7a110b70 100644
--- a/packages/core/data-source-manager/src/collection.ts
+++ b/packages/core/data-source-manager/src/collection.ts
@@ -7,9 +7,9 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
-import { CollectionOptions, ICollection, ICollectionManager, IField, IRepository } from './types';
 import { default as lodash } from 'lodash';
 import { CollectionField } from './collection-field';
+import { CollectionOptions, ICollection, ICollectionManager, IField, IRepository } from './types';
 
 export class Collection implements ICollection {
   repository: IRepository;
@@ -17,7 +17,7 @@ export class Collection implements ICollection {
 
   constructor(
     protected options: CollectionOptions,
-    protected collectionManager: ICollectionManager,
+    public collectionManager: ICollectionManager,
   ) {
     this.setRepository(options.repository);
 
diff --git a/packages/core/data-source-manager/src/data-source-factory.ts b/packages/core/data-source-manager/src/data-source-factory.ts
index 8a451a6067..b11693bd07 100644
--- a/packages/core/data-source-manager/src/data-source-factory.ts
+++ b/packages/core/data-source-manager/src/data-source-factory.ts
@@ -8,10 +8,13 @@
  */
 
 import { DataSource } from './data-source';
+import { DataSourceManager } from './data-source-manager';
 
 export class DataSourceFactory {
   public collectionTypes: Map<string, typeof DataSource> = new Map();
 
+  constructor(protected dataSourceManager: DataSourceManager) {}
+
   register(type: string, dataSourceClass: typeof DataSource) {
     this.collectionTypes.set(type, dataSourceClass);
   }
@@ -25,8 +28,17 @@ export class DataSourceFactory {
     if (!klass) {
       throw new Error(`Data source type "${type}" not found`);
     }
+    const environment = this.dataSourceManager.options.app?.environment;
+    const { logger, sqlLogger, ...others } = options;
 
+    const opts = { logger, sqlLogger, ...others };
+
+    if (environment) {
+      Object.assign(opts, environment.renderJsonTemplate(others));
+    }
     // @ts-ignore
-    return new klass(options);
+    const dataSource = new klass(opts) as DataSource;
+    dataSource.setDataSourceManager(this.dataSourceManager);
+    return dataSource;
   }
 }
diff --git a/packages/core/data-source-manager/src/data-source-manager.ts b/packages/core/data-source-manager/src/data-source-manager.ts
index a8b141d9e9..cbf73fabdd 100644
--- a/packages/core/data-source-manager/src/data-source-manager.ts
+++ b/packages/core/data-source-manager/src/data-source-manager.ts
@@ -7,10 +7,10 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
+import { createConsoleLogger, createLogger, Logger, LoggerOptions } from '@nocobase/logger';
 import { ToposortOptions } from '@nocobase/utils';
 import { DataSource } from './data-source';
 import { DataSourceFactory } from './data-source-factory';
-import { createConsoleLogger, createLogger, Logger, LoggerOptions } from '@nocobase/logger';
 
 type DataSourceHook = (dataSource: DataSource) => void;
 
@@ -24,13 +24,14 @@ export class DataSourceManager {
   /**
    * @internal
    */
-  factory: DataSourceFactory = new DataSourceFactory();
+  factory: DataSourceFactory;
   protected middlewares = [];
   private onceHooks: Array<DataSourceHook> = [];
   private beforeAddHooks: Array<DataSourceHook> = [];
 
   constructor(public options: DataSourceManagerOptions = {}) {
     this.dataSources = new Map();
+    this.factory = new DataSourceFactory(this);
     this.middlewares = [];
 
     if (options.app) {
diff --git a/packages/core/data-source-manager/src/data-source.ts b/packages/core/data-source-manager/src/data-source.ts
index 8a45cac8f9..abf7cc5a4f 100644
--- a/packages/core/data-source-manager/src/data-source.ts
+++ b/packages/core/data-source-manager/src/data-source.ts
@@ -8,13 +8,14 @@
  */
 
 import { ACL } from '@nocobase/acl';
+import { Logger } from '@nocobase/logger';
 import { getNameByParams, parseRequest, ResourceManager } from '@nocobase/resourcer';
+import { wrapMiddlewareWithLogging } from '@nocobase/utils';
 import EventEmitter from 'events';
 import compose from 'koa-compose';
+import { DataSourceManager } from './data-source-manager';
 import { loadDefaultActions } from './load-default-actions';
 import { ICollectionManager } from './types';
-import { Logger } from '@nocobase/logger';
-import { wrapMiddlewareWithLogging } from '@nocobase/utils';
 
 export type DataSourceOptions = any;
 
@@ -27,6 +28,7 @@ export abstract class DataSource extends EventEmitter {
   public collectionManager: ICollectionManager;
   public resourceManager: ResourceManager;
   public acl: ACL;
+  public dataSourceManager: DataSourceManager;
 
   logger: Logger;
 
@@ -49,6 +51,10 @@ export abstract class DataSource extends EventEmitter {
     return Promise.resolve(true);
   }
 
+  setDataSourceManager(dataSourceManager: DataSourceManager) {
+    this.dataSourceManager = dataSourceManager;
+  }
+
   setLogger(logger: Logger) {
     this.logger = logger;
   }
@@ -66,6 +72,9 @@ export abstract class DataSource extends EventEmitter {
     });
 
     this.collectionManager = this.createCollectionManager(options);
+    if (this.collectionManager) {
+      this.collectionManager.setDataSource(this);
+    }
     this.resourceManager.registerActionHandlers(loadDefaultActions());
 
     if (options.acl !== false) {
diff --git a/packages/core/data-source-manager/src/sequelize-collection-manager.ts b/packages/core/data-source-manager/src/sequelize-collection-manager.ts
index 26537716f0..49ed8e4107 100644
--- a/packages/core/data-source-manager/src/sequelize-collection-manager.ts
+++ b/packages/core/data-source-manager/src/sequelize-collection-manager.ts
@@ -10,6 +10,7 @@
 /* istanbul ignore file -- @preserve */
 
 import { Database } from '@nocobase/database';
+import { DataSource } from './data-source';
 import {
   CollectionOptions,
   ICollection,
@@ -22,12 +23,17 @@ import {
 export class SequelizeCollectionManager implements ICollectionManager {
   db: Database;
   options: any;
+  dataSource: DataSource;
 
   constructor(options) {
     this.db = this.createDB(options);
     this.options = options;
   }
 
+  setDataSource(dataSource: DataSource) {
+    this.dataSource = dataSource;
+  }
+
   collectionsFilter() {
     if (this.options.collectionsFilter) {
       return this.options.collectionsFilter;
diff --git a/packages/core/data-source-manager/src/types.ts b/packages/core/data-source-manager/src/types.ts
index 3609297ea0..ca5b0e4bb1 100644
--- a/packages/core/data-source-manager/src/types.ts
+++ b/packages/core/data-source-manager/src/types.ts
@@ -7,6 +7,8 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
+import { DataSource } from './data-source';
+
 export type CollectionOptions = {
   name: string;
   repository?: string;
@@ -102,6 +104,10 @@ export type MergeOptions = {
 };
 
 export interface ICollectionManager {
+  dataSource: DataSource;
+
+  setDataSource(dataSource: DataSource): void;
+
   registerFieldTypes(types: Record<string, any>): void;
 
   registerFieldInterfaces(interfaces: Record<string, new (options: any) => IFieldInterface>): void;
diff --git a/packages/core/database/src/__tests__/underscored-options.test.ts b/packages/core/database/src/__tests__/underscored-options.test.ts
index 7e73ebef7f..78f0ef5668 100644
--- a/packages/core/database/src/__tests__/underscored-options.test.ts
+++ b/packages/core/database/src/__tests__/underscored-options.test.ts
@@ -147,7 +147,7 @@ describe('underscored options', () => {
           type: 'belongsToMany',
           name: 'tags',
           through: 'collectionCategory',
-          target: 'posts',
+          target: 'tags',
           sourceKey: 'name',
           foreignKey: 'postsName',
           targetKey: 'name',
diff --git a/packages/core/database/src/collection.ts b/packages/core/database/src/collection.ts
index e6ecd56ed2..fa631d0444 100644
--- a/packages/core/database/src/collection.ts
+++ b/packages/core/database/src/collection.ts
@@ -88,16 +88,19 @@ export type DumpRules =
   | ({ skipped: true } & BaseDumpRules)
   | ({ group: BuiltInGroup | string } & BaseDumpRules);
 
+export type MigrationRule = 'overwrite' | 'skip' | 'upsert' | 'schema-only' | 'insert-ignore';
+
 export interface CollectionOptions extends Omit<ModelOptions, 'name' | 'hooks'> {
   name: string;
   title?: string;
   namespace?: string;
+  migrationRules?: MigrationRule[];
   dumpRules?: DumpRules;
   tableName?: string;
   inherits?: string[] | string;
   viewName?: string;
   writableView?: boolean;
-
+  isThrough?: boolean;
   filterTargetKey?: string | string[];
   fields?: FieldOptions[];
   model?: string | ModelStatic<Model>;
diff --git a/packages/core/database/src/database.ts b/packages/core/database/src/database.ts
index 41ccf770a3..40d9488936 100644
--- a/packages/core/database/src/database.ts
+++ b/packages/core/database/src/database.ts
@@ -309,6 +309,7 @@ export class Database extends EventEmitter implements AsyncEmitter {
       autoGenId: false,
       timestamps: false,
       dumpRules: 'required',
+      migrationRules: ['schema-only', 'overwrite', 'skip'],
       origin: '@nocobase/database',
       fields: [{ type: 'string', name: 'name', primaryKey: true }],
     });
diff --git a/packages/core/database/src/dialects/mysql-dialect.ts b/packages/core/database/src/dialects/mysql-dialect.ts
index f5a6f9ca64..d44e6daad0 100644
--- a/packages/core/database/src/dialects/mysql-dialect.ts
+++ b/packages/core/database/src/dialects/mysql-dialect.ts
@@ -7,6 +7,7 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
+import { lodash } from '@nocobase/utils';
 import { BaseDialect } from './base-dialect';
 
 export class MysqlDialect extends BaseDialect {
@@ -22,4 +23,9 @@ export class MysqlDialect extends BaseDialect {
       version: '>=8.0.17',
     };
   }
+
+  getSequelizeOptions(options: any) {
+    lodash.set(options, 'dialectOptions.multipleStatements', true);
+    return options;
+  }
 }
diff --git a/packages/core/database/src/fields/belongs-to-many-field.ts b/packages/core/database/src/fields/belongs-to-many-field.ts
index 6f7d22f5f3..33dd1e21ec 100644
--- a/packages/core/database/src/fields/belongs-to-many-field.ts
+++ b/packages/core/database/src/fields/belongs-to-many-field.ts
@@ -144,6 +144,9 @@ export class BelongsToManyField extends RelationField {
     } else {
       const throughCollectionOptions = {
         name: through,
+        isThrough: true,
+        sourceCollectionName: this.collection.name,
+        targetCollectionName: this.target,
       };
 
       if (this.collection.options.dumpRules) {
diff --git a/packages/core/server/src/application.ts b/packages/core/server/src/application.ts
index 9484cb58df..91762f8a5a 100644
--- a/packages/core/server/src/application.ts
+++ b/packages/core/server/src/application.ts
@@ -76,6 +76,7 @@ import packageJson from '../package.json';
 import { ServiceContainer } from './service-container';
 import { availableActions } from './acl/available-action';
 import { AuditManager } from './audit-manager';
+import { Environment } from './environment';
 
 export type PluginType = string | typeof Plugin;
 export type PluginConfiguration = PluginType | [PluginType, any];
@@ -309,6 +310,12 @@ export class Application<StateT = DefaultState, ContextT = DefaultContext> exten
     return this._maintainingMessage;
   }
 
+  private _env: Environment;
+
+  get environment() {
+    return this._env;
+  }
+
   protected _cronJobManager: CronJobManager;
 
   get cronJobManager() {
@@ -1183,6 +1190,7 @@ export class Application<StateT = DefaultState, ContextT = DefaultContext> exten
     this.createMainDataSource(options);
 
     this._cronJobManager = new CronJobManager(this);
+    this._env = new Environment();
 
     this._cli = this.createCLI();
     this._i18n = createI18n(options);
diff --git a/packages/core/server/src/environment.ts b/packages/core/server/src/environment.ts
new file mode 100644
index 0000000000..7ec8b3045f
--- /dev/null
+++ b/packages/core/server/src/environment.ts
@@ -0,0 +1,47 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+import { parse } from '@nocobase/utils';
+import _ from 'lodash';
+
+export class Environment {
+  private vars = {};
+
+  setVariable(key: string, value: string) {
+    this.vars[key] = value;
+  }
+
+  removeVariable(key: string) {
+    delete this.vars[key];
+  }
+
+  getVariablesAndSecrets() {
+    return this.vars;
+  }
+
+  getVariables() {
+    return this.vars;
+  }
+
+  renderJsonTemplate(template: any, options?: { omit?: string[] }) {
+    if (options?.omit) {
+      const omitTemplate = _.omit(template, options.omit);
+      const parsed = parse(omitTemplate)({
+        $env: this.vars,
+      });
+      for (const key of options.omit) {
+        _.set(parsed, key, _.get(template, key));
+      }
+      return parsed;
+    }
+    return parse(template)({
+      $env: this.vars,
+    });
+  }
+}
diff --git a/packages/core/server/src/helpers/application-version.ts b/packages/core/server/src/helpers/application-version.ts
index ba5c68634c..47fe5eb9c0 100644
--- a/packages/core/server/src/helpers/application-version.ts
+++ b/packages/core/server/src/helpers/application-version.ts
@@ -20,6 +20,7 @@ export class ApplicationVersion {
     app.db.collection({
       origin: '@nocobase/server',
       name: 'applicationVersion',
+      migrationRules: ['schema-only', 'skip'],
       dataType: 'meta',
       timestamps: false,
       dumpRules: 'required',
diff --git a/packages/core/server/src/plugin-manager/options/collection.ts b/packages/core/server/src/plugin-manager/options/collection.ts
index 489dfa7ada..c039ed10f4 100644
--- a/packages/core/server/src/plugin-manager/options/collection.ts
+++ b/packages/core/server/src/plugin-manager/options/collection.ts
@@ -12,6 +12,7 @@ import { defineCollection } from '@nocobase/database';
 export default defineCollection({
   name: 'applicationPlugins',
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   repository: 'PluginManagerRepository',
   origin: '@nocobase/server',
   fields: [
diff --git a/packages/core/test/src/server/index.ts b/packages/core/test/src/server/index.ts
index d290c44e15..8dd864d189 100644
--- a/packages/core/test/src/server/index.ts
+++ b/packages/core/test/src/server/index.ts
@@ -18,6 +18,7 @@ export * from './mock-server';
 
 export const pgOnly: () => any = () => (process.env.DB_DIALECT == 'postgres' ? describe : describe.skip);
 export const isPg = () => process.env.DB_DIALECT == 'postgres';
+export const isMysql = () => process.env.DB_DIALECT == 'mysql';
 
 export function randomStr() {
   // create random string
diff --git a/packages/plugins/@nocobase/plugin-acl/src/server/collections/roles-users.ts b/packages/plugins/@nocobase/plugin-acl/src/server/collections/roles-users.ts
index 93a5940907..a32dee3372 100644
--- a/packages/plugins/@nocobase/plugin-acl/src/server/collections/roles-users.ts
+++ b/packages/plugins/@nocobase/plugin-acl/src/server/collections/roles-users.ts
@@ -11,8 +11,10 @@ import { defineCollection } from '@nocobase/database';
 
 export default defineCollection({
   name: 'rolesUsers',
+  description: "User's roles",
   dumpRules: {
     group: 'user',
   },
+  migrationRules: ['schema-only', 'overwrite', 'skip'],
   fields: [{ type: 'boolean', name: 'default' }],
 });
diff --git a/packages/plugins/@nocobase/plugin-acl/src/server/collections/roles.ts b/packages/plugins/@nocobase/plugin-acl/src/server/collections/roles.ts
index 3de4554673..a0704311a3 100644
--- a/packages/plugins/@nocobase/plugin-acl/src/server/collections/roles.ts
+++ b/packages/plugins/@nocobase/plugin-acl/src/server/collections/roles.ts
@@ -12,6 +12,8 @@ import { defineCollection } from '@nocobase/database';
 export default defineCollection({
   origin: '@nocobase/plugin-acl',
   dumpRules: 'required',
+  description: 'Role data',
+  migrationRules: ['overwrite', 'skip'],
   name: 'roles',
   title: '{{t("Roles")}}',
   autoGenId: false,
diff --git a/packages/plugins/@nocobase/plugin-acl/src/server/collections/rolesResources.ts b/packages/plugins/@nocobase/plugin-acl/src/server/collections/rolesResources.ts
index 3614ae7bfa..d9e3cadd2d 100644
--- a/packages/plugins/@nocobase/plugin-acl/src/server/collections/rolesResources.ts
+++ b/packages/plugins/@nocobase/plugin-acl/src/server/collections/rolesResources.ts
@@ -12,6 +12,7 @@ import { defineCollection } from '@nocobase/database';
 export default defineCollection({
   dumpRules: 'required',
   name: 'rolesResources',
+  migrationRules: ['overwrite', 'skip'],
   model: 'RoleResourceModel',
   indexes: [
     {
diff --git a/packages/plugins/@nocobase/plugin-acl/src/server/collections/rolesResourcesActions.ts b/packages/plugins/@nocobase/plugin-acl/src/server/collections/rolesResourcesActions.ts
index c29dc3792f..dd31ff0053 100644
--- a/packages/plugins/@nocobase/plugin-acl/src/server/collections/rolesResourcesActions.ts
+++ b/packages/plugins/@nocobase/plugin-acl/src/server/collections/rolesResourcesActions.ts
@@ -12,6 +12,7 @@ import { defineCollection } from '@nocobase/database';
 export default defineCollection({
   dumpRules: 'required',
   name: 'rolesResourcesActions',
+  migrationRules: ['overwrite', 'skip'],
   model: 'RoleResourceActionModel',
   fields: [
     {
diff --git a/packages/plugins/@nocobase/plugin-acl/src/server/collections/rolesResourcesScopes.ts b/packages/plugins/@nocobase/plugin-acl/src/server/collections/rolesResourcesScopes.ts
index 93c3235019..7e1ede5e70 100644
--- a/packages/plugins/@nocobase/plugin-acl/src/server/collections/rolesResourcesScopes.ts
+++ b/packages/plugins/@nocobase/plugin-acl/src/server/collections/rolesResourcesScopes.ts
@@ -12,6 +12,7 @@ import { defineCollection } from '@nocobase/database';
 export default defineCollection({
   dumpRules: 'required',
   name: 'rolesResourcesScopes',
+  migrationRules: ['overwrite', 'skip'],
   fields: [
     {
       type: 'uid',
diff --git a/packages/plugins/@nocobase/plugin-acl/src/server/collections/users.ts b/packages/plugins/@nocobase/plugin-acl/src/server/collections/users.ts
index 0e25190ff6..9dc6c7527d 100644
--- a/packages/plugins/@nocobase/plugin-acl/src/server/collections/users.ts
+++ b/packages/plugins/@nocobase/plugin-acl/src/server/collections/users.ts
@@ -11,6 +11,7 @@ import { extendCollection } from '@nocobase/database';
 
 export default extendCollection({
   name: 'users',
+  migrationRules: ['schema-only', 'overwrite', 'skip'],
   fields: [
     {
       interface: 'm2m',
diff --git a/packages/plugins/@nocobase/plugin-action-custom-request/src/client/components/CustomRequestActionDesigner.tsx b/packages/plugins/@nocobase/plugin-action-custom-request/src/client/components/CustomRequestActionDesigner.tsx
index ecd4029cdc..9b0ba18b0e 100644
--- a/packages/plugins/@nocobase/plugin-action-custom-request/src/client/components/CustomRequestActionDesigner.tsx
+++ b/packages/plugins/@nocobase/plugin-action-custom-request/src/client/components/CustomRequestActionDesigner.tsx
@@ -20,7 +20,7 @@ import {
   useRequest,
 } from '@nocobase/client';
 import { App } from 'antd';
-import React from 'react';
+import React, { useMemo } from 'react';
 import { listByCurrentRoleUrl } from '../constants';
 import { useCustomRequestVariableOptions, useGetCustomRequest } from '../hooks';
 import { useCustomRequestsResource } from '../hooks/useCustomRequestsResource';
@@ -33,9 +33,15 @@ export function CustomRequestSettingsItem() {
   const dataSourceKey = useDataSourceKey();
   const fieldSchema = useFieldSchema();
   const customRequestsResource = useCustomRequestsResource();
-  const { message } = App.useApp();
   const { data, refresh } = useGetCustomRequest();
   const { dn } = useDesignable();
+  const initialValues = useMemo(() => {
+    const values = { ...data?.data?.options };
+    if (values.data && typeof values.data !== 'string') {
+      values.data = JSON.stringify(values.data, null, 2);
+    }
+    return values;
+  }, [data?.data?.options]);
   return (
     <>
       <SchemaSettingsActionModalItem
@@ -46,9 +52,7 @@ export function CustomRequestSettingsItem() {
         beforeOpen={() => !data && refresh()}
         scope={{ useCustomRequestVariableOptions }}
         schema={CustomRequestConfigurationFieldsSchema}
-        initialValues={{
-          ...data?.data?.options,
-        }}
+        initialValues={initialValues}
         onSubmit={async (config) => {
           const { ...requestSettings } = config;
           fieldSchema['x-response-type'] = requestSettings.responseType;
@@ -69,7 +73,8 @@ export function CustomRequestSettingsItem() {
               'x-uid': fieldSchema['x-uid'],
             },
           });
-          message.success(t('Saved successfully'));
+          refresh();
+          dn.refresh();
         }}
       />
     </>
diff --git a/packages/plugins/@nocobase/plugin-action-custom-request/src/client/hooks/useCustomRequestVariableOptions.ts b/packages/plugins/@nocobase/plugin-action-custom-request/src/client/hooks/useCustomRequestVariableOptions.ts
index 45ef9daafb..9980ba5625 100644
--- a/packages/plugins/@nocobase/plugin-action-custom-request/src/client/hooks/useCustomRequestVariableOptions.ts
+++ b/packages/plugins/@nocobase/plugin-action-custom-request/src/client/hooks/useCustomRequestVariableOptions.ts
@@ -14,6 +14,7 @@ import {
   useCollectionFilterOptions,
   useCollectionRecordData,
   useCompile,
+  useGlobalVariable,
 } from '@nocobase/client';
 import { useMemo } from 'react';
 import { useTranslation } from '../locale';
@@ -26,13 +27,13 @@ export const useCustomRequestVariableOptions = () => {
   const compile = useCompile();
   const recordData = useCollectionRecordData();
   const { name: blockType } = useBlockContext() || {};
-
   const [fields, userFields] = useMemo(() => {
     return [compile(fieldsOptions), compile(userFieldOptions)];
   }, [fieldsOptions, userFieldOptions]);
-
+  const environmentVariables = useGlobalVariable('$env');
   return useMemo(() => {
     return [
+      environmentVariables,
       recordData && {
         name: 'currentRecord',
         title: t('Current record', { ns: 'client' }),
diff --git a/packages/plugins/@nocobase/plugin-action-custom-request/src/server/actions/send.ts b/packages/plugins/@nocobase/plugin-action-custom-request/src/server/actions/send.ts
index e8fbcae0fc..240f52e08b 100644
--- a/packages/plugins/@nocobase/plugin-action-custom-request/src/server/actions/send.ts
+++ b/packages/plugins/@nocobase/plugin-action-custom-request/src/server/actions/send.ts
@@ -154,6 +154,7 @@ export async function send(this: CustomRequestPlugin, ctx: Context, next: Next)
     currentTime: new Date().toISOString(),
     $nToken: ctx.getBearerToken(),
     $nForm,
+    $env: ctx.app.environment.getVariables(),
   };
 
   const axiosRequestConfig = {
@@ -169,8 +170,6 @@ export async function send(this: CustomRequestPlugin, ctx: Context, next: Next)
     data: getParsedValue(data, variables),
   };
 
-  console.log(axiosRequestConfig);
-
   const requestUrl = axios.getUri(axiosRequestConfig);
   this.logger.info(`custom-request:send:${filterByTk} request url ${requestUrl}`);
   this.logger.info(
diff --git a/packages/plugins/@nocobase/plugin-action-custom-request/src/server/collections/customRequest.ts b/packages/plugins/@nocobase/plugin-action-custom-request/src/server/collections/customRequest.ts
index 0a07c7daf6..fb24ca482c 100644
--- a/packages/plugins/@nocobase/plugin-action-custom-request/src/server/collections/customRequest.ts
+++ b/packages/plugins/@nocobase/plugin-action-custom-request/src/server/collections/customRequest.ts
@@ -13,6 +13,7 @@ export default defineCollection({
   dumpRules: 'required',
   name: 'customRequests',
   autoGenId: false,
+  migrationRules: ['overwrite', 'skip'],
   fields: [
     {
       type: 'uid',
diff --git a/packages/plugins/@nocobase/plugin-action-custom-request/src/server/collections/customRequestsRoles.ts b/packages/plugins/@nocobase/plugin-action-custom-request/src/server/collections/customRequestsRoles.ts
index 5b3f1379c5..b294df8293 100644
--- a/packages/plugins/@nocobase/plugin-action-custom-request/src/server/collections/customRequestsRoles.ts
+++ b/packages/plugins/@nocobase/plugin-action-custom-request/src/server/collections/customRequestsRoles.ts
@@ -12,4 +12,5 @@ import { defineCollection } from '@nocobase/database';
 export default defineCollection({
   dumpRules: 'required',
   name: 'customRequestsRoles',
+  migrationRules: ['overwrite', 'skip'],
 });
diff --git a/packages/plugins/@nocobase/plugin-action-custom-request/src/server/plugin.ts b/packages/plugins/@nocobase/plugin-action-custom-request/src/server/plugin.ts
index 0fc563fd39..175da24e33 100644
--- a/packages/plugins/@nocobase/plugin-action-custom-request/src/server/plugin.ts
+++ b/packages/plugins/@nocobase/plugin-action-custom-request/src/server/plugin.ts
@@ -9,7 +9,6 @@
 
 import { Logger, LoggerOptions } from '@nocobase/logger';
 import { InstallOptions, Plugin } from '@nocobase/server';
-import { resolve } from 'path';
 import { listByCurrentRole } from './actions/listByCurrentRole';
 import { send } from './actions/send';
 
@@ -32,9 +31,7 @@ export class PluginActionCustomRequestServer extends Plugin {
   }
 
   async load() {
-    await this.importCollections(resolve(__dirname, 'collections'));
-
-    this.app.resource({
+    this.app.resourceManager.define({
       name: 'customRequests',
       actions: {
         send: send.bind(this),
diff --git a/packages/plugins/@nocobase/plugin-api-keys/src/collections/apiKeys.ts b/packages/plugins/@nocobase/plugin-api-keys/src/collections/apiKeys.ts
index ddbb5e2574..81d76c6484 100644
--- a/packages/plugins/@nocobase/plugin-api-keys/src/collections/apiKeys.ts
+++ b/packages/plugins/@nocobase/plugin-api-keys/src/collections/apiKeys.ts
@@ -14,6 +14,7 @@ export default {
   dumpRules: {
     group: 'user',
   },
+  migrationRules: ['schema-only', 'skip'],
   shared: true,
   name: 'apiKeys',
   sortable: 'sort',
diff --git a/packages/plugins/@nocobase/plugin-audit-logs/src/server/collections/auditLogs.ts b/packages/plugins/@nocobase/plugin-audit-logs/src/server/collections/auditLogs.ts
index 2a0ddd7a24..613a56aca1 100644
--- a/packages/plugins/@nocobase/plugin-audit-logs/src/server/collections/auditLogs.ts
+++ b/packages/plugins/@nocobase/plugin-audit-logs/src/server/collections/auditLogs.ts
@@ -13,6 +13,7 @@ export default defineCollection({
   dumpRules: {
     group: 'log',
   },
+  migrationRules: ['schema-only', 'skip'],
   name: 'auditLogs',
   createdBy: false,
   updatedBy: false,
diff --git a/packages/plugins/@nocobase/plugin-auth/src/server/collections/authenticators.ts b/packages/plugins/@nocobase/plugin-auth/src/server/collections/authenticators.ts
index 4b3badf667..1c4b880639 100644
--- a/packages/plugins/@nocobase/plugin-auth/src/server/collections/authenticators.ts
+++ b/packages/plugins/@nocobase/plugin-auth/src/server/collections/authenticators.ts
@@ -16,6 +16,7 @@ export default defineCollection({
   dumpRules: {
     group: 'third-party',
   },
+  migrationRules: ['overwrite', 'skip'],
   shared: true,
   name: 'authenticators',
   sortable: true,
diff --git a/packages/plugins/@nocobase/plugin-auth/src/server/collections/token-blacklist.ts b/packages/plugins/@nocobase/plugin-auth/src/server/collections/token-blacklist.ts
index 1115054ed3..6d9e818b5f 100644
--- a/packages/plugins/@nocobase/plugin-auth/src/server/collections/token-blacklist.ts
+++ b/packages/plugins/@nocobase/plugin-auth/src/server/collections/token-blacklist.ts
@@ -13,6 +13,7 @@ export default defineCollection({
   dumpRules: {
     group: 'log',
   },
+  migrationRules: ['schema-only', 'skip'],
   shared: true,
   name: 'tokenBlacklist',
   model: 'TokenBlacklistModel',
diff --git a/packages/plugins/@nocobase/plugin-auth/src/server/collections/users-authenticators.ts b/packages/plugins/@nocobase/plugin-auth/src/server/collections/users-authenticators.ts
index 513058114b..cd551ebece 100644
--- a/packages/plugins/@nocobase/plugin-auth/src/server/collections/users-authenticators.ts
+++ b/packages/plugins/@nocobase/plugin-auth/src/server/collections/users-authenticators.ts
@@ -18,6 +18,7 @@ export default defineCollection({
     group: 'user',
   },
   shared: true,
+  migrationRules: ['schema-only', 'overwrite', 'skip'],
   name: 'usersAuthenticators',
   model: 'UserAuthModel',
   createdBy: true,
diff --git a/packages/plugins/@nocobase/plugin-auth/src/server/plugin.ts b/packages/plugins/@nocobase/plugin-auth/src/server/plugin.ts
index 7d491cc7ce..28b13033c5 100644
--- a/packages/plugins/@nocobase/plugin-auth/src/server/plugin.ts
+++ b/packages/plugins/@nocobase/plugin-auth/src/server/plugin.ts
@@ -10,6 +10,7 @@
 import { Cache } from '@nocobase/cache';
 import { Model } from '@nocobase/database';
 import { InstallOptions, Plugin } from '@nocobase/server';
+import { tval } from '@nocobase/utils';
 import { namespace, presetAuthType, presetAuthenticator } from '../preset';
 import authActions from './actions/auth';
 import authenticatorsActions from './actions/authenticators';
@@ -17,7 +18,6 @@ import { BasicAuth } from './basic-auth';
 import { AuthModel } from './model/authenticator';
 import { Storer } from './storer';
 import { TokenBlacklistService } from './token-blacklist';
-import { tval } from '@nocobase/utils';
 
 export class PluginAuthServer extends Plugin {
   cache: Cache;
@@ -36,8 +36,10 @@ export class PluginAuthServer extends Plugin {
     });
     // Set up auth manager
     const storer = new Storer({
+      app: this.app,
       db: this.db,
       cache: this.cache,
+      authManager: this.app.authManager,
     });
     this.app.authManager.setStorer(storer);
 
diff --git a/packages/plugins/@nocobase/plugin-auth/src/server/storer.ts b/packages/plugins/@nocobase/plugin-auth/src/server/storer.ts
index 99b0f77c49..01b7030116 100644
--- a/packages/plugins/@nocobase/plugin-auth/src/server/storer.ts
+++ b/packages/plugins/@nocobase/plugin-auth/src/server/storer.ts
@@ -7,32 +7,62 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
-import { Storer as IStorer } from '@nocobase/auth';
+import { AuthManager, Storer as IStorer } from '@nocobase/auth';
 import { Cache } from '@nocobase/cache';
 import { Database, Model } from '@nocobase/database';
+import { Application } from '@nocobase/server';
 import { AuthModel } from './model/authenticator';
 
 export class Storer implements IStorer {
   db: Database;
   cache: Cache;
+  app: Application;
+  authManager: AuthManager;
   key = 'authenticators';
 
-  constructor({ db, cache }: { db: Database; cache: Cache }) {
+  constructor({
+    app,
+    db,
+    cache,
+    authManager,
+  }: {
+    app?: Application;
+    db: Database;
+    cache: Cache;
+    authManager: AuthManager;
+  }) {
+    this.app = app;
     this.db = db;
     this.cache = cache;
+    this.authManager = authManager;
 
     this.db.on('authenticators.afterSave', async (model: AuthModel) => {
       if (!model.enabled) {
         await this.cache.delValueInObject(this.key, model.name);
         return;
       }
-      await this.cache.setValueInObject(this.key, model.name, model);
+      await this.cache.setValueInObject(this.key, model.name, this.renderJsonTemplate(model));
     });
     this.db.on('authenticators.afterDestroy', async (model: AuthModel) => {
       await this.cache.delValueInObject(this.key, model.name);
     });
   }
 
+  renderJsonTemplate(authenticator: any) {
+    if (!authenticator) {
+      return authenticator;
+    }
+    const $env = this.app?.environment;
+    if (!$env) {
+      return authenticator;
+    }
+    const config = this.authManager.getAuthConfig(authenticator.authType);
+    authenticator.dataValues.options = $env.renderJsonTemplate(authenticator.dataValues.options, {
+      omit: config?.auth?.['optionsKeysNotAllowedInEnv'],
+    });
+    return authenticator;
+  }
+
   async getCache(): Promise<AuthModel[]> {
     const authenticators = (await this.cache.get(this.key)) as Record<string, AuthModel>;
     if (!authenticators) {
@@ -43,7 +73,7 @@ export class Storer implements IStorer {
 
   async setCache(authenticators: AuthModel[]) {
     const obj = authenticators.reduce((obj, authenticator) => {
-      obj[authenticator.name] = authenticator;
+      obj[authenticator.name] = this.renderJsonTemplate(authenticator);
       return obj;
     }, {});
     await this.cache.set(this.key, obj);
@@ -55,6 +85,7 @@ export class Storer implements IStorer {
       const repo = this.db.getRepository('authenticators');
       authenticators = await repo.find({ filter: { enabled: true } });
       await this.setCache(authenticators);
+      authenticators = await this.getCache();
     }
     const authenticator = authenticators.find((authenticator: Model) => authenticator.name === name);
     return authenticator || authenticators[0];
diff --git a/packages/plugins/@nocobase/plugin-block-iframe/src/server/collections/iframe-html.ts b/packages/plugins/@nocobase/plugin-block-iframe/src/server/collections/iframe-html.ts
index 4d6ad3a6e5..29a98899ee 100644
--- a/packages/plugins/@nocobase/plugin-block-iframe/src/server/collections/iframe-html.ts
+++ b/packages/plugins/@nocobase/plugin-block-iframe/src/server/collections/iframe-html.ts
@@ -13,6 +13,7 @@ export default {
   namespace: 'iframe-block.iframe-html-storage',
   dumpRules: 'required',
   name: 'iframeHtml',
+  migrationRules: ['overwrite', 'skip'],
   createdBy: true,
   updatedBy: true,
   shared: true,
diff --git a/packages/plugins/@nocobase/plugin-client/src/server/server.ts b/packages/plugins/@nocobase/plugin-client/src/server/server.ts
index 369a083608..f0d58dd692 100644
--- a/packages/plugins/@nocobase/plugin-client/src/server/server.ts
+++ b/packages/plugins/@nocobase/plugin-client/src/server/server.ts
@@ -8,11 +8,11 @@
  */
 
 import { Plugin } from '@nocobase/server';
+import * as process from 'node:process';
 import { resolve } from 'path';
 import { getAntdLocale } from './antd';
 import { getCronLocale } from './cron';
 import { getCronstrueLocale } from './cronstrue';
-import * as process from 'node:process';
 
 async function getLang(ctx) {
   const SystemSetting = ctx.db.getRepository('systemSettings');
@@ -66,11 +66,11 @@ export class PluginClientServer extends Plugin {
     this.app.acl.allow('app', 'getInfo');
     this.app.acl.registerSnippet({
       name: 'app',
-      actions: ['app:restart', 'app:clearCache'],
+      actions: ['app:restart', 'app:refresh', 'app:clearCache'],
     });
     const dialect = this.app.db.sequelize.getDialect();
 
-    this.app.resource({
+    this.app.resourceManager.define({
       name: 'app',
       actions: {
         async getInfo(ctx, next) {
@@ -116,10 +116,14 @@ export class PluginClientServer extends Plugin {
           ctx.app.runAsCLI(['restart'], { from: 'user' });
           await next();
         },
+        async refresh(ctx, next) {
+          ctx.app.runCommand('refresh');
+          await next();
+        },
       },
     });
 
-    this.app.auditManager.registerActions(['app:restart', 'app:clearCache']);
+    this.app.auditManager.registerActions(['app:restart', 'app:refresh', 'app:clearCache']);
   }
 }
 
diff --git a/packages/plugins/@nocobase/plugin-collection-tree/src/server/plugin.ts b/packages/plugins/@nocobase/plugin-collection-tree/src/server/plugin.ts
index 945b558a40..562eba96b6 100644
--- a/packages/plugins/@nocobase/plugin-collection-tree/src/server/plugin.ts
+++ b/packages/plugins/@nocobase/plugin-collection-tree/src/server/plugin.ts
@@ -36,9 +36,13 @@ class PluginCollectionTreeServer extends Plugin {
 
           //always define tree path collection
           const options = {};
+
+          options['mainCollection'] = collection.name;
+
           if (collection.options.schema) {
             options['schema'] = collection.options.schema;
           }
+
           this.defineTreePathCollection(name, options);
 
           //afterSync
diff --git a/packages/plugins/@nocobase/plugin-data-source-main/src/server/collections/collectionCategories.ts b/packages/plugins/@nocobase/plugin-data-source-main/src/server/collections/collectionCategories.ts
index ca91578636..8db1c4f6fa 100644
--- a/packages/plugins/@nocobase/plugin-data-source-main/src/server/collections/collectionCategories.ts
+++ b/packages/plugins/@nocobase/plugin-data-source-main/src/server/collections/collectionCategories.ts
@@ -13,6 +13,7 @@ export default {
   dumpRules: {
     group: 'required',
   },
+  migrationRules: ['overwrite', 'skip'],
   shared: true,
   name: 'collectionCategories',
   autoGenId: true,
diff --git a/packages/plugins/@nocobase/plugin-data-source-main/src/server/collections/collections.ts b/packages/plugins/@nocobase/plugin-data-source-main/src/server/collections/collections.ts
index ad6c56eb2a..fa72df7ec3 100644
--- a/packages/plugins/@nocobase/plugin-data-source-main/src/server/collections/collections.ts
+++ b/packages/plugins/@nocobase/plugin-data-source-main/src/server/collections/collections.ts
@@ -11,6 +11,7 @@ import { CollectionOptions } from '@nocobase/database';
 
 export default {
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   shared: true,
   name: 'collections',
   sortable: 'sort',
diff --git a/packages/plugins/@nocobase/plugin-data-source-main/src/server/collections/fields.ts b/packages/plugins/@nocobase/plugin-data-source-main/src/server/collections/fields.ts
index e5629ed1e8..287d19d621 100644
--- a/packages/plugins/@nocobase/plugin-data-source-main/src/server/collections/fields.ts
+++ b/packages/plugins/@nocobase/plugin-data-source-main/src/server/collections/fields.ts
@@ -11,6 +11,7 @@ import { CollectionOptions } from '@nocobase/database';
 
 export default {
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   shared: true,
   name: 'fields',
   autoGenId: false,
diff --git a/packages/plugins/@nocobase/plugin-data-source-main/src/server/server.ts b/packages/plugins/@nocobase/plugin-data-source-main/src/server/server.ts
index 82816ced7e..9ef05a47eb 100644
--- a/packages/plugins/@nocobase/plugin-data-source-main/src/server/server.ts
+++ b/packages/plugins/@nocobase/plugin-data-source-main/src/server/server.ts
@@ -13,6 +13,8 @@ import { Plugin } from '@nocobase/server';
 import lodash from 'lodash';
 import path from 'path';
 import { CollectionRepository } from '.';
+import { FieldIsDependedOnByOtherError } from './errors/field-is-depended-on-by-other';
+import { FieldNameExistsError } from './errors/field-name-exists-error';
 import {
   afterCreateForForeignKeyField,
   afterCreateForReverseField,
@@ -20,15 +22,13 @@ import {
   beforeDestroyForeignKey,
   beforeInitOptions,
 } from './hooks';
+import { beforeCreateCheckFieldInMySQL } from './hooks/beforeCreateCheckFieldInMySQL';
 import { beforeCreateForValidateField, beforeUpdateForValidateField } from './hooks/beforeCreateForValidateField';
 import { beforeCreateForViewCollection } from './hooks/beforeCreateForViewCollection';
+import { beforeDestoryField } from './hooks/beforeDestoryField';
 import { CollectionModel, FieldModel } from './models';
 import collectionActions from './resourcers/collections';
 import viewResourcer from './resourcers/views';
-import { FieldNameExistsError } from './errors/field-name-exists-error';
-import { beforeDestoryField } from './hooks/beforeDestoryField';
-import { FieldIsDependedOnByOtherError } from './errors/field-is-depended-on-by-other';
-import { beforeCreateCheckFieldInMySQL } from './hooks/beforeCreateCheckFieldInMySQL';
 
 export class PluginDataSourceMainServer extends Plugin {
   private loadFilter: Filter = {};
@@ -394,7 +394,6 @@ export class PluginDataSourceMainServer extends Plugin {
   }
 
   async load() {
-    await this.importCollections(path.resolve(__dirname, './collections'));
     this.db.getRepository<CollectionRepository>('collections').setApp(this.app);
 
     const errorHandlerPlugin = this.app.getPlugin<PluginErrorHandler>('error-handler');
diff --git a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-collections.ts b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-collections.ts
index 5471f18c84..78a5d0c6af 100644
--- a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-collections.ts
+++ b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-collections.ts
@@ -13,6 +13,7 @@ export default defineCollection({
   name: 'dataSourcesCollections',
   model: 'DataSourcesCollectionModel',
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   shared: true,
   autoGenId: false,
   timestamps: false,
diff --git a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-fields.ts b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-fields.ts
index e57a93531b..dcc61982cd 100644
--- a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-fields.ts
+++ b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-fields.ts
@@ -13,6 +13,7 @@ export default defineCollection({
   name: 'dataSourcesFields',
   model: 'DataSourcesFieldModel',
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   shared: true,
   autoGenId: false,
   timestamps: false,
diff --git a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles-resources-actions.ts b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles-resources-actions.ts
index 8b468141ef..0dca759431 100644
--- a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles-resources-actions.ts
+++ b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles-resources-actions.ts
@@ -11,6 +11,7 @@ import { defineCollection } from '@nocobase/database';
 
 export default defineCollection({
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   name: 'dataSourcesRolesResourcesActions',
   model: 'DataSourcesRolesResourcesActionModel',
   fields: [
diff --git a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles-resources-scopes.ts b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles-resources-scopes.ts
index b025bcd027..85f591b1a5 100644
--- a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles-resources-scopes.ts
+++ b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles-resources-scopes.ts
@@ -11,6 +11,7 @@ import { defineCollection } from '@nocobase/database';
 
 export default defineCollection({
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   name: 'dataSourcesRolesResourcesScopes',
   fields: [
     {
diff --git a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles-resources.ts b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles-resources.ts
index 848519a92a..611e30aef3 100644
--- a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles-resources.ts
+++ b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles-resources.ts
@@ -11,6 +11,7 @@ import { defineCollection } from '@nocobase/database';
 
 export default defineCollection({
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   name: 'dataSourcesRolesResources',
   model: 'DataSourcesRolesResourcesModel',
   fields: [
diff --git a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles.ts b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles.ts
index 94474be92d..6c82fffe29 100644
--- a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles.ts
+++ b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources-roles.ts
@@ -12,6 +12,7 @@ import { defineCollection } from '@nocobase/database';
 export default defineCollection({
   name: 'dataSourcesRoles',
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   autoGenId: false,
   timestamps: false,
   model: 'DataSourcesRolesModel',
diff --git a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources.ts b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources.ts
index 50aadf8154..e7dc251173 100644
--- a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources.ts
+++ b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/collections/data-sources.ts
@@ -15,6 +15,7 @@ export default defineCollection({
   autoGenId: false,
   shared: true,
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   fields: [
     {
       type: 'string',
diff --git a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/models/data-source.ts b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/models/data-source.ts
index d884d00826..6f25fcaff4 100644
--- a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/models/data-source.ts
+++ b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/models/data-source.ts
@@ -7,13 +7,13 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
-import { Model, Transaction } from '@nocobase/database';
-import { Application } from '@nocobase/server';
-import { setCurrentRole } from '@nocobase/plugin-acl';
 import { ACL, AvailableActionOptions } from '@nocobase/acl';
-import { DataSourcesRolesModel } from './data-sources-roles-model';
+import { Model, Transaction } from '@nocobase/database';
+import { setCurrentRole } from '@nocobase/plugin-acl';
+import { Application } from '@nocobase/server';
+import path from 'path';
 import PluginDataSourceManagerServer from '../plugin';
-import * as path from 'path';
+import { DataSourcesRolesModel } from './data-sources-roles-model';
 
 const availableActions: {
   [key: string]: AvailableActionOptions;
diff --git a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/plugin.ts b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/plugin.ts
index 5b8c229d13..38812a1374 100644
--- a/packages/plugins/@nocobase/plugin-data-source-manager/src/server/plugin.ts
+++ b/packages/plugins/@nocobase/plugin-data-source-manager/src/server/plugin.ts
@@ -17,12 +17,12 @@ import rolesConnectionResourcesResourcer from './resourcers/data-sources-resourc
 import databaseConnectionsRolesResourcer from './resourcers/data-sources-roles';
 import { rolesRemoteCollectionsResourcer } from './resourcers/roles-data-sources-collections';
 
+import { LoadingProgress } from '@nocobase/data-source-manager';
 import lodash from 'lodash';
 import { DataSourcesRolesResourcesModel } from './models/connections-roles-resources';
 import { DataSourcesRolesResourcesActionModel } from './models/connections-roles-resources-action';
 import { DataSourceModel } from './models/data-source';
 import { DataSourcesRolesModel } from './models/data-sources-roles-model';
-import { LoadingProgress } from '@nocobase/data-source-manager';
 
 type DataSourceState = 'loading' | 'loaded' | 'loading-failed' | 'reloading' | 'reloading-failed';
 
@@ -131,6 +131,10 @@ export class PluginDataSourceManagerServer extends Plugin {
     [dataSourceKey: string]: LoadingProgress;
   } = {};
 
+  renderJsonTemplate(template) {
+    return this.app.environment.renderJsonTemplate(template);
+  }
+
   async beforeLoad() {
     this.app.db.registerModels({
       DataSourcesCollectionModel,
@@ -187,7 +191,7 @@ export class PluginDataSourceManagerServer extends Plugin {
         }
 
         try {
-          await klass.testConnection(dataSourceOptions);
+          await klass.testConnection(this.renderJsonTemplate(dataSourceOptions || {}));
         } catch (error) {
           throw new Error(`Test connection failed: ${error.message}`);
         }
@@ -398,7 +402,7 @@ export class PluginDataSourceManagerServer extends Plugin {
         const klass = ctx.app.dataSourceManager.factory.getClass(type);
 
         try {
-          await klass.testConnection(options);
+          await klass.testConnection(self.renderJsonTemplate(options));
         } catch (error) {
           throw new Error(`Test connection failed: ${error.message}`);
         }
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/.npmignore b/packages/plugins/@nocobase/plugin-environment-variables/.npmignore
new file mode 100644
index 0000000000..65f5e8779f
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/.npmignore
@@ -0,0 +1,2 @@
+/node_modules
+/src
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/README.md b/packages/plugins/@nocobase/plugin-environment-variables/README.md
new file mode 100644
index 0000000000..a1c4b0900c
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/README.md
@@ -0,0 +1 @@
+# @nocobase/plugin-environment-variables
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/client.d.ts b/packages/plugins/@nocobase/plugin-environment-variables/client.d.ts
new file mode 100644
index 0000000000..6c459cbac4
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/client.d.ts
@@ -0,0 +1,2 @@
+export * from './dist/client';
+export { default } from './dist/client';
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/client.js b/packages/plugins/@nocobase/plugin-environment-variables/client.js
new file mode 100644
index 0000000000..b6e3be70e6
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/client.js
@@ -0,0 +1 @@
+module.exports = require('./dist/client/index.js');
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/package.json b/packages/plugins/@nocobase/plugin-environment-variables/package.json
new file mode 100644
index 0000000000..8871212784
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/package.json
@@ -0,0 +1,18 @@
+{
+  "name": "@nocobase/plugin-environment-variables",
+  "version": "1.6.0-alpha.9",
+  "main": "dist/server/index.js",
+  "dependencies": {},
+  "peerDependencies": {
+    "@nocobase/client": "1.x",
+    "@nocobase/server": "1.x",
+    "@nocobase/test": "1.x"
+  },
+  "displayName": "Environment variables",
+  "displayName.zh-CN": "环境变量",
+  "description": "Centralized configuration and management of environment variables, used for sensitive data storage, configuration data reuse, multi-environment isolation, and more.",
+  "description.zh-CN": "集中配置和管理环境变量，用于敏感数据存储、配置数据重用、多环境隔离等。",
+  "keywords": [
+    "System management"
+  ]
+}
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/server.d.ts b/packages/plugins/@nocobase/plugin-environment-variables/server.d.ts
new file mode 100644
index 0000000000..c41081ddc6
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/server.d.ts
@@ -0,0 +1,2 @@
+export * from './dist/server';
+export { default } from './dist/server';
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/server.js b/packages/plugins/@nocobase/plugin-environment-variables/server.js
new file mode 100644
index 0000000000..972842039a
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/server.js
@@ -0,0 +1 @@
+module.exports = require('./dist/server/index.js');
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/client/EnvironmentVariablesAndSecretsProvider.tsx b/packages/plugins/@nocobase/plugin-environment-variables/src/client/EnvironmentVariablesAndSecretsProvider.tsx
new file mode 100644
index 0000000000..4346416cd6
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/src/client/EnvironmentVariablesAndSecretsProvider.tsx
@@ -0,0 +1,36 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+import { observer } from '@formily/react';
+import { useIsAdminPage, useRequest } from '@nocobase/client';
+import React, { createContext } from 'react';
+
+const EnvAndSecretsContext = createContext<any>({});
+
+const InternalProvider = (props) => {
+  const variablesRequest = useRequest<any>({
+    url: 'environmentVariables?paginate=false',
+  });
+  return <EnvAndSecretsContext.Provider value={{ variablesRequest }}>{props.children}</EnvAndSecretsContext.Provider>;
+};
+
+const EnvironmentVariablesAndSecretsProvider = observer(
+  (props) => {
+    const isAdminPage = useIsAdminPage();
+    if (!isAdminPage) {
+      return <>{props.children}</>;
+    }
+    return <InternalProvider {...props} />;
+  },
+  {
+    displayName: 'EnvironmentVariablesAndSecretsProvider',
+  },
+);
+
+export { EnvAndSecretsContext, EnvironmentVariablesAndSecretsProvider };
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/client/client.d.ts b/packages/plugins/@nocobase/plugin-environment-variables/src/client/client.d.ts
new file mode 100644
index 0000000000..4e96f83fa1
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/src/client/client.d.ts
@@ -0,0 +1,249 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+// CSS modules
+type CSSModuleClasses = { readonly [key: string]: string };
+
+declare module '*.module.css' {
+  const classes: CSSModuleClasses;
+  export default classes;
+}
+declare module '*.module.scss' {
+  const classes: CSSModuleClasses;
+  export default classes;
+}
+declare module '*.module.sass' {
+  const classes: CSSModuleClasses;
+  export default classes;
+}
+declare module '*.module.less' {
+  const classes: CSSModuleClasses;
+  export default classes;
+}
+declare module '*.module.styl' {
+  const classes: CSSModuleClasses;
+  export default classes;
+}
+declare module '*.module.stylus' {
+  const classes: CSSModuleClasses;
+  export default classes;
+}
+declare module '*.module.pcss' {
+  const classes: CSSModuleClasses;
+  export default classes;
+}
+declare module '*.module.sss' {
+  const classes: CSSModuleClasses;
+  export default classes;
+}
+
+// CSS
+declare module '*.css' { }
+declare module '*.scss' { }
+declare module '*.sass' { }
+declare module '*.less' { }
+declare module '*.styl' { }
+declare module '*.stylus' { }
+declare module '*.pcss' { }
+declare module '*.sss' { }
+
+// Built-in asset types
+// see `src/node/constants.ts`
+
+// images
+declare module '*.apng' {
+  const src: string;
+  export default src;
+}
+declare module '*.png' {
+  const src: string;
+  export default src;
+}
+declare module '*.jpg' {
+  const src: string;
+  export default src;
+}
+declare module '*.jpeg' {
+  const src: string;
+  export default src;
+}
+declare module '*.jfif' {
+  const src: string;
+  export default src;
+}
+declare module '*.pjpeg' {
+  const src: string;
+  export default src;
+}
+declare module '*.pjp' {
+  const src: string;
+  export default src;
+}
+declare module '*.gif' {
+  const src: string;
+  export default src;
+}
+declare module '*.svg' {
+  const src: string;
+  export default src;
+}
+declare module '*.ico' {
+  const src: string;
+  export default src;
+}
+declare module '*.webp' {
+  const src: string;
+  export default src;
+}
+declare module '*.avif' {
+  const src: string;
+  export default src;
+}
+
+// media
+declare module '*.mp4' {
+  const src: string;
+  export default src;
+}
+declare module '*.webm' {
+  const src: string;
+  export default src;
+}
+declare module '*.ogg' {
+  const src: string;
+  export default src;
+}
+declare module '*.mp3' {
+  const src: string;
+  export default src;
+}
+declare module '*.wav' {
+  const src: string;
+  export default src;
+}
+declare module '*.flac' {
+  const src: string;
+  export default src;
+}
+declare module '*.aac' {
+  const src: string;
+  export default src;
+}
+declare module '*.opus' {
+  const src: string;
+  export default src;
+}
+declare module '*.mov' {
+  const src: string;
+  export default src;
+}
+declare module '*.m4a' {
+  const src: string;
+  export default src;
+}
+declare module '*.vtt' {
+  const src: string;
+  export default src;
+}
+
+// fonts
+declare module '*.woff' {
+  const src: string;
+  export default src;
+}
+declare module '*.woff2' {
+  const src: string;
+  export default src;
+}
+declare module '*.eot' {
+  const src: string;
+  export default src;
+}
+declare module '*.ttf' {
+  const src: string;
+  export default src;
+}
+declare module '*.otf' {
+  const src: string;
+  export default src;
+}
+
+// other
+declare module '*.webmanifest' {
+  const src: string;
+  export default src;
+}
+declare module '*.pdf' {
+  const src: string;
+  export default src;
+}
+declare module '*.txt' {
+  const src: string;
+  export default src;
+}
+
+// wasm?init
+declare module '*.wasm?init' {
+  const initWasm: (options?: WebAssembly.Imports) => Promise<WebAssembly.Instance>;
+  export default initWasm;
+}
+
+// web worker
+declare module '*?worker' {
+  const workerConstructor: {
+    new(options?: { name?: string }): Worker;
+  };
+  export default workerConstructor;
+}
+
+declare module '*?worker&inline' {
+  const workerConstructor: {
+    new(options?: { name?: string }): Worker;
+  };
+  export default workerConstructor;
+}
+
+declare module '*?worker&url' {
+  const src: string;
+  export default src;
+}
+
+declare module '*?sharedworker' {
+  const sharedWorkerConstructor: {
+    new(options?: { name?: string }): SharedWorker;
+  };
+  export default sharedWorkerConstructor;
+}
+
+declare module '*?sharedworker&inline' {
+  const sharedWorkerConstructor: {
+    new(options?: { name?: string }): SharedWorker;
+  };
+  export default sharedWorkerConstructor;
+}
+
+declare module '*?sharedworker&url' {
+  const src: string;
+  export default src;
+}
+
+declare module '*?raw' {
+  const src: string;
+  export default src;
+}
+
+declare module '*?url' {
+  const src: string;
+  export default src;
+}
+
+declare module '*?inline' {
+  const src: string;
+  export default src;
+}
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/client/components/EnvironmentPage.tsx b/packages/plugins/@nocobase/plugin-environment-variables/src/client/components/EnvironmentPage.tsx
new file mode 100644
index 0000000000..14450085f4
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/src/client/components/EnvironmentPage.tsx
@@ -0,0 +1,15 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+import React from 'react';
+import { EnvironmentTabs } from './EnvironmentTabs';
+
+export default function EnvironmentPage() {
+  return <EnvironmentTabs />;
+}
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/client/components/EnvironmentTabs.tsx b/packages/plugins/@nocobase/plugin-environment-variables/src/client/components/EnvironmentTabs.tsx
new file mode 100644
index 0000000000..e3fed4d7e0
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/src/client/components/EnvironmentTabs.tsx
@@ -0,0 +1,510 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { DownOutlined, PlusOutlined, DeleteOutlined, ReloadOutlined } from '@ant-design/icons';
+import {
+  Checkbox,
+  FormButtonGroup,
+  FormDrawer,
+  FormItem,
+  FormLayout,
+  Input,
+  Radio,
+  Reset,
+  Submit,
+} from '@formily/antd-v5';
+import { useField } from '@formily/react';
+import { registerValidateRules } from '@formily/core';
+import { createSchemaField } from '@formily/react';
+import {
+  SchemaComponentOptions,
+  useAPIClient,
+  SchemaComponent,
+  useFilterFieldProps,
+  useFilterFieldOptions,
+} from '@nocobase/client';
+import { Alert, App, Button, Card, Dropdown, Flex, Space, Table, Tag } from 'antd';
+import React, { useContext, useState } from 'react';
+import { VAR_NAME_RE } from '../../re';
+import { EnvAndSecretsContext } from '../EnvironmentVariablesAndSecretsProvider';
+import { useT } from '../locale';
+
+registerValidateRules({
+  env_name_rule(value) {
+    if (!value) return '';
+    return VAR_NAME_RE.test(value)
+      ? ''
+      : 'Only letters, numbers and underscores are allowed, and it must start with a letter.';
+  },
+});
+
+const SchemaField = createSchemaField({
+  components: {
+    FormItem,
+    Input,
+    Checkbox,
+    Radio,
+  },
+});
+
+const bulkSchema = {
+  type: 'object',
+  properties: {
+    variables: {
+      type: 'string',
+      title: `{{ t("Plain text") }}`,
+      'x-decorator': 'FormItem',
+      'x-component': 'Input.TextArea',
+      'x-component-props': {
+        autoSize: { minRows: 10, maxRows: 20 },
+        placeholder: `FOO=aaa
+BAR=bbb
+        `,
+      },
+    },
+    secret: {
+      type: 'string',
+      title: `{{ t("Encrypted") }}`,
+      'x-decorator': 'FormItem',
+      'x-component': 'Input.TextArea',
+      'x-component-props': {
+        autoSize: { minRows: 10, maxRows: 20 },
+        placeholder: `FOO=aaa
+BAR=bbb
+        `,
+      },
+    },
+  },
+};
+
+const schema = {
+  type: 'object',
+  properties: {
+    name: {
+      type: 'string',
+      title: `{{ t("Name") }}`,
+      required: true,
+      'x-validator': {
+        env_name_rule: true,
+      },
+      'x-decorator': 'FormItem',
+      'x-component': 'Input',
+      'x-disabled': '{{ !createOnly }}',
+    },
+    type: {
+      type: 'string',
+      title: `{{ t("Type") }}`,
+      required: true,
+      'x-decorator': 'FormItem',
+      'x-component': 'Radio.Group',
+      default: 'default',
+      enum: [
+        {
+          value: 'default',
+          label: '{{t("Plain text")}}',
+        },
+        {
+          value: 'secret',
+          label: '{{t("Encrypted")}}',
+        },
+      ],
+    },
+    value: {
+      type: 'string',
+      title: `{{ t("Value") }}`,
+      required: true,
+      'x-decorator': 'FormItem',
+      'x-component': 'Input.TextArea',
+    },
+  },
+};
+
+export function EnvironmentVariables({ request, setSelectRowKeys }) {
+  const { modal } = App.useApp();
+  const t = useT();
+  const api = useAPIClient();
+  const { data, loading, refresh } = request || {};
+
+  const typEnum = {
+    default: {
+      label: t('Plain text'),
+      color: 'green',
+    },
+    secret: {
+      label: t('Encrypted'),
+      color: 'red',
+    },
+  };
+
+  const resource = api.resource('environmentVariables');
+
+  const handleDelete = (data) => {
+    modal.confirm({
+      title: t('Delete variable'),
+      content: t('Are you sure you want to delete it?'),
+      async onOk() {
+        await resource.destroy({
+          filterByTk: data.name,
+        });
+        refresh();
+      },
+    });
+  };
+
+  const handleEdit = async (initialValues) => {
+    const drawer = FormDrawer({ title: t('Edit') }, () => {
+      return (
+        <FormLayout layout={'vertical'}>
+          <SchemaComponentOptions scope={{ createOnly: false, t }}>
+            <SchemaField schema={schema} />
+          </SchemaComponentOptions>
+          <FormDrawer.Footer>
+            <FormButtonGroup align="right">
+              <Reset
+                onClick={() => {
+                  drawer.close();
+                }}
+              >
+                {t('Cancel')}
+              </Reset>
+              <Submit
+                onSubmit={async (data) => {
+                  await api.request({
+                    url: `environmentVariables:update?filterByTk=${initialValues.name}`,
+                    method: 'post',
+                    data: {
+                      ...data,
+                    },
+                  });
+                  request.refresh();
+                }}
+              >
+                {t('Submit')}
+              </Submit>
+            </FormButtonGroup>
+          </FormDrawer.Footer>
+        </FormLayout>
+      );
+    });
+    drawer.open({
+      initialValues: { ...initialValues },
+    });
+  };
+
+  return (
+    <div>
+      <Table
+        loading={loading}
+        size="middle"
+        rowKey={'name'}
+        dataSource={data?.data}
+        pagination={false}
+        columns={[
+          {
+            title: t('Name'),
+            dataIndex: 'name',
+            ellipsis: true,
+          },
+          {
+            title: t('Type'),
+            dataIndex: 'type',
+            render: (value) => <Tag color={typEnum[value].color}>{typEnum[value].label}</Tag>,
+          },
+          {
+            title: t('Value'),
+            ellipsis: true,
+            render: (record) => <div>{record.type === 'default' ? record.value : '******'}</div>,
+          },
+          {
+            title: t('Actions'),
+            width: 200,
+            render: (record) => (
+              <Space>
+                <a onClick={() => handleEdit(record)}>{t('Edit')}</a>
+                <a onClick={() => handleDelete(record)}>{t('Delete')}</a>
+              </Space>
+            ),
+          },
+        ]}
+        rowSelection={{
+          type: 'checkbox',
+          onChange: (rowKeys, selectedRows) => {
+            setSelectRowKeys(rowKeys);
+          },
+        }}
+      />
+    </div>
+  );
+}
+/**
+ * @param {string} input - The input string containing key-value pairs, separated by `=` and line breaks.
+ * @returns {Array<{name: string, value: string}>} - The converted array of objects.
+ */
+function parseKeyValuePairs(input, type) {
+  return input
+    .trim()
+    .split('\n')
+    .map((line) => {
+      const [name, ...valueParts] = line.split('='); // 按 `=` 分割
+      return (
+        name && {
+          name: name.trim(),
+          value: valueParts.join('=').trim(),
+          type: type === 'secret' ? 'secret' : 'default',
+        }
+      ); // 去除多余空格
+    });
+}
+
+export function EnvironmentTabs() {
+  const api = useAPIClient();
+  const t = useT();
+  const { modal } = App.useApp();
+  const { variablesRequest } = useContext(EnvAndSecretsContext);
+  const [selectRowKeys, setSelectRowKeys] = useState([]);
+  const resource = api.resource('environmentVariables');
+
+  const handleBulkImport = async (importData) => {
+    const arr = Object.entries(importData).map(([type, dataString]) => {
+      return parseKeyValuePairs(dataString, type).filter(Boolean);
+    });
+    await api.request({
+      url: 'environmentVariables:create',
+      method: 'post',
+      data: arr.flat(),
+    });
+  };
+  const handelBulkDelete = () => {
+    if (selectRowKeys.length > 0) {
+      modal.confirm({
+        title: t('Delete variable'),
+        content: t('Are you sure you want to delete it?'),
+        async onOk() {
+          await resource.destroy({
+            filterByTk: selectRowKeys,
+          });
+          variablesRequest?.refresh?.();
+        },
+      });
+    }
+  };
+  const handelRefresh = () => {
+    variablesRequest?.refresh?.();
+  };
+
+  const filterOptions = [
+    {
+      name: 'name',
+      title: t('Name'),
+      operators: [
+        { label: '{{t("contains")}}', value: '$includes', selected: true },
+        { label: '{{t("does not contain")}}', value: '$notIncludes' },
+        { label: '{{t("is")}}', value: '$eq' },
+        { label: '{{t("is not")}}', value: '$ne' },
+      ],
+      schema: {
+        type: 'string',
+        title: t('Name'),
+        'x-component': 'Input',
+      },
+    },
+    {
+      name: 'type',
+      title: t('Type'),
+      operators: [
+        {
+          label: '{{t("is")}}',
+          value: '$match',
+          selected: true,
+          schema: {
+            'x-component': 'Select',
+            'x-component-props': { mode: 'tags' },
+          },
+        },
+        {
+          label: '{{t("is not")}}',
+          value: '$notMatch',
+          schema: {
+            'x-component': 'Select',
+            'x-component-props': { mode: 'tags' },
+          },
+        },
+      ],
+      schema: {
+        type: 'string',
+        title: t('Type'),
+        'x-component': 'Select',
+        enum: [
+          {
+            value: 'default',
+            label: '{{t("Plain text")}}',
+          },
+          {
+            value: 'secret',
+            label: '{{t("Encrypted")}}',
+          },
+        ],
+      },
+    },
+    {
+      name: 'value',
+      title: t('Value'),
+      operators: [
+        { label: '{{t("contains")}}', value: '$includes', selected: true },
+        { label: '{{t("does not contain")}}', value: '$notIncludes' },
+        { label: '{{t("is")}}', value: '$eq' },
+        { label: '{{t("is not")}}', value: '$ne' },
+      ],
+      schema: {
+        type: 'string',
+        title: t('Value'),
+        'x-component': 'Input',
+      },
+    },
+  ];
+  const useFilterActionProps = () => {
+    const field = useField<any>();
+    const { run } = variablesRequest;
+
+    return {
+      options: filterOptions,
+      onSubmit: async (values) => {
+        run(values);
+
+        field.setValue(values);
+      },
+      onReset: (values) => {
+        field.setValue(values);
+      },
+    };
+  };
+  return (
+    <div>
+      {variablesRequest?.data?.meta?.updated && (
+        <Alert
+          type="warning"
+          style={{ marginBottom: '1.2em', alignItems: 'center' }}
+          description={
+            <div>
+              {t('Environment variables have been updated. A restart is required for the changes to take effect.')}{' '}
+            </div>
+          }
+          action={
+            <Button
+              size="middle"
+              type="primary"
+              onClick={async () => {
+                await api.resource('app').refresh();
+              }}
+            >
+              {t('Restart now')}
+            </Button>
+          }
+        />
+      )}
+      <Card>
+        <div style={{ float: 'left' }}>
+          <SchemaComponent
+            schema={{
+              name: 'filter',
+              type: 'object',
+              title: '{{ t("Filter") }}',
+              default: {
+                $and: [{ name: { $includes: '' } }],
+              },
+              'x-component': 'Filter.Action',
+
+              enum: filterOptions,
+              'x-use-component-props': useFilterActionProps,
+            }}
+            scope={{ t }}
+          />
+        </div>
+        <Flex justify="end" style={{ marginBottom: 16 }}>
+          <Space>
+            <Button icon={<ReloadOutlined />} onClick={handelRefresh}>
+              {t('Refresh')}
+            </Button>
+
+            <Button icon={<DeleteOutlined />} onClick={handelBulkDelete}>
+              {t('Delete')}
+            </Button>
+            <Dropdown
+              menu={{
+                onClick(info) {
+                  FormDrawer(
+                    {
+                      variable: t('Add variable'),
+                      bulk: t('Bulk import'),
+                    }[info.key],
+                    () => {
+                      return (
+                        <FormLayout layout={'vertical'}>
+                          <SchemaComponentOptions scope={{ createOnly: true, t }}>
+                            <SchemaField schema={info.key === 'bulk' ? bulkSchema : schema} />
+                          </SchemaComponentOptions>
+                          <FormDrawer.Footer>
+                            <FormButtonGroup align="right">
+                              <Reset>{t('Cancel')}</Reset>
+                              <Submit
+                                onSubmit={async (data) => {
+                                  if (info.key === 'bulk') {
+                                    await handleBulkImport(data);
+                                    variablesRequest.refresh();
+                                  } else {
+                                    await api.request({
+                                      url: 'environmentVariables:create',
+                                      method: 'post',
+                                      data: {
+                                        ...data,
+                                      },
+                                    });
+                                    variablesRequest.refresh();
+                                  }
+                                }}
+                              >
+                                {t('Submit')}
+                              </Submit>
+                            </FormButtonGroup>
+                          </FormDrawer.Footer>
+                        </FormLayout>
+                      );
+                    },
+                  )
+                    .open({
+                      initialValues: {},
+                    })
+                    .then(console.log)
+                    .catch(console.log);
+                },
+                items: [
+                  {
+                    key: 'variable',
+                    label: t('Add variable'),
+                  },
+                  {
+                    type: 'divider',
+                  },
+                  {
+                    key: 'bulk',
+                    label: t('Bulk import'),
+                  },
+                ],
+              }}
+            >
+              <Button type="primary" icon={<PlusOutlined />}>
+                {t('Add new')} <DownOutlined />
+              </Button>
+            </Dropdown>
+          </Space>
+        </Flex>
+        <EnvironmentVariables request={variablesRequest} setSelectRowKeys={setSelectRowKeys} />
+      </Card>
+    </div>
+  );
+}
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/client/index.tsx b/packages/plugins/@nocobase/plugin-environment-variables/src/client/index.tsx
new file mode 100644
index 0000000000..a6f0d87858
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/src/client/index.tsx
@@ -0,0 +1,27 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+import { Plugin } from '@nocobase/client';
+import { EnvironmentVariablesAndSecretsProvider } from './EnvironmentVariablesAndSecretsProvider';
+import EnvironmentPage from './components/EnvironmentPage';
+import { useGetEnvironmentVariables } from './utils';
+
+export class PluginEnvironmentVariablesClient extends Plugin {
+  async load() {
+    this.app.pluginSettingsManager.add('environment', {
+      title: this.t('Environment variables'),
+      icon: 'TableOutlined',
+      Component: EnvironmentPage,
+    });
+    this.app.addGlobalVar('$env', useGetEnvironmentVariables);
+    this.app.use(EnvironmentVariablesAndSecretsProvider);
+  }
+}
+
+export default PluginEnvironmentVariablesClient;
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/client/locale.ts b/packages/plugins/@nocobase/plugin-environment-variables/src/client/locale.ts
new file mode 100644
index 0000000000..84797b7d1b
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/src/client/locale.ts
@@ -0,0 +1,21 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+// @ts-ignore
+import pkg from './../../package.json';
+import { useApp } from '@nocobase/client';
+
+export function useT() {
+  const app = useApp();
+  return (str: string) => app.i18n.t(str, { ns: [pkg.name, 'client'] });
+}
+
+export function tStr(key: string) {
+  return `{{t(${JSON.stringify(key)}, { ns: ['${pkg.name}', 'client'], nsMode: 'fallback' })}}`;
+}
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/client/utils.ts b/packages/plugins/@nocobase/plugin-environment-variables/src/client/utils.ts
new file mode 100644
index 0000000000..7c73305a37
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/src/client/utils.ts
@@ -0,0 +1,33 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+import { useContext } from 'react';
+import { EnvAndSecretsContext } from './EnvironmentVariablesAndSecretsProvider';
+import { useT } from './locale';
+
+export const useGetEnvironmentVariables = () => {
+  const t = useT();
+  const { variablesRequest } = useContext(EnvAndSecretsContext);
+  const { data: variables, loading: variablesLoading } = variablesRequest || {};
+  if (!variablesLoading && variables?.data?.length) {
+    return {
+      name: '$env',
+      title: t('Environment variables'),
+      value: '$env',
+      label: t('Environment variables'),
+      children: variables?.data
+        .map((v) => {
+          return { title: v.name, name: v.name, value: v.name, label: v.name };
+        })
+        .filter(Boolean),
+    };
+  }
+
+  return null;
+};
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/index.ts b/packages/plugins/@nocobase/plugin-environment-variables/src/index.ts
new file mode 100644
index 0000000000..be99a2ff1a
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/src/index.ts
@@ -0,0 +1,11 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+export * from './server';
+export { default } from './server';
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/locale/en-US.json b/packages/plugins/@nocobase/plugin-environment-variables/src/locale/en-US.json
new file mode 100644
index 0000000000..0967ef424b
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/src/locale/en-US.json
@@ -0,0 +1 @@
+{}
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/locale/zh-CN.json b/packages/plugins/@nocobase/plugin-environment-variables/src/locale/zh-CN.json
new file mode 100644
index 0000000000..1f8a2f19f0
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/src/locale/zh-CN.json
@@ -0,0 +1,16 @@
+{
+  "Environment": "环境",
+  "Environment variables": "环境变量",
+  "Variables": "变量",
+  "Secrets": "密钥",
+  "Add variable": "添加变量",
+  "Bulk import": "批量导入",
+  "Name": "名称",
+  "Value": "值",
+  "Type": "类型",
+  "Plain text": "明文",
+  "Encrypted": "加密",
+  "Delete variable": "删除变量",
+  "Restart now": "立即重启",
+  "Environment variables have been updated. A restart is required for the changes to take effect.": "检测到环境变量有更新，需重启应用才能生效。"
+}
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/re.ts b/packages/plugins/@nocobase/plugin-environment-variables/src/re.ts
new file mode 100644
index 0000000000..8fc3c39ccb
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/src/re.ts
@@ -0,0 +1,10 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+export const VAR_NAME_RE = /^[A-Za-z][A-Za-z0-9_]*$/;
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/server/AesEncryptor.tsx b/packages/plugins/@nocobase/plugin-environment-variables/src/server/AesEncryptor.tsx
new file mode 100644
index 0000000000..f255a1434f
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/src/server/AesEncryptor.tsx
@@ -0,0 +1,76 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+import crypto from 'crypto';
+import fs from 'fs/promises';
+import path from 'path';
+
+class AesEncryptor {
+  private key: Buffer;
+
+  constructor(key: Buffer) {
+    if (key.length !== 32) {
+      throw new Error('Key must be 32 bytes for AES-256 encryption.');
+    }
+    this.key = key;
+  }
+
+  async encrypt(text: string): Promise<string> {
+    return new Promise((resolve, reject) => {
+      try {
+        const iv = crypto.randomBytes(16);
+        const cipher = crypto.createCipheriv('aes-256-cbc', this.key as any, iv as any);
+
+        const encrypted = Buffer.concat([cipher.update(Buffer.from(text, 'utf8') as any), cipher.final()] as any[]);
+
+        resolve(iv.toString('hex') + encrypted.toString('hex'));
+      } catch (error) {
+        reject(error);
+      }
+    });
+  }
+
+  async decrypt(encryptedText: string): Promise<string> {
+    return new Promise((resolve, reject) => {
+      try {
+        const iv = Buffer.from(encryptedText.slice(0, 32), 'hex'); // 提取前 16 字节作为 IV
+        const encrypted = Buffer.from(encryptedText.slice(32), 'hex'); // 提取密文
+
+        const decipher = crypto.createDecipheriv('aes-256-cbc', this.key as any, iv as any);
+
+        const decrypted = Buffer.concat([decipher.update(encrypted as any), decipher.final()] as any);
+
+        resolve(decrypted.toString('utf8'));
+      } catch (error) {
+        reject(error);
+      }
+    });
+  }
+
+  static async getOrGenerateKey(keyFilePath: string): Promise<Buffer> {
+    try {
+      const key = await fs.readFile(keyFilePath);
+      if (key.length !== 32) {
+        throw new Error('Invalid key length in file.');
+      }
+      return key;
+    } catch (error) {
+      if (error.code === 'ENOENT') {
+        const key = crypto.randomBytes(32);
+        await fs.mkdir(path.dirname(keyFilePath), { recursive: true });
+        await fs.writeFile(keyFilePath, key as any);
+        return key;
+      } else {
+        throw new Error(`Failed to load key: ${error.message}`);
+      }
+    }
+  }
+}
+
+export default AesEncryptor;
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/server/collections/.gitkeep b/packages/plugins/@nocobase/plugin-environment-variables/src/server/collections/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/server/collections/environmentVariables.ts b/packages/plugins/@nocobase/plugin-environment-variables/src/server/collections/environmentVariables.ts
new file mode 100644
index 0000000000..c9520d5f88
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/src/server/collections/environmentVariables.ts
@@ -0,0 +1,35 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+import { defineCollection } from '@nocobase/database';
+import { VAR_NAME_RE } from '../../re';
+
+export default defineCollection({
+  name: 'environmentVariables',
+  autoGenId: false,
+  migrationRules: ['schema-only'],
+  fields: [
+    {
+      type: 'string',
+      name: 'name',
+      primaryKey: true,
+      validate: {
+        is: VAR_NAME_RE,
+      },
+    },
+    {
+      type: 'string',
+      name: 'type',
+    },
+    {
+      type: 'text',
+      name: 'value',
+    },
+  ],
+});
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/server/index.ts b/packages/plugins/@nocobase/plugin-environment-variables/src/server/index.ts
new file mode 100644
index 0000000000..be989de7c3
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/src/server/index.ts
@@ -0,0 +1,10 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+export { default } from './plugin';
diff --git a/packages/plugins/@nocobase/plugin-environment-variables/src/server/plugin.ts b/packages/plugins/@nocobase/plugin-environment-variables/src/server/plugin.ts
new file mode 100644
index 0000000000..5ba742014c
--- /dev/null
+++ b/packages/plugins/@nocobase/plugin-environment-variables/src/server/plugin.ts
@@ -0,0 +1,175 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+import { Plugin } from '@nocobase/server';
+import path from 'path';
+import AesEncryptor from './AesEncryptor';
+
+export class PluginEnvironmentVariablesServer extends Plugin {
+  aesEncryptor: AesEncryptor;
+  updated = false;
+  async handleSyncMessage(message) {
+    const { type, name, value } = message;
+    if (type === 'updated') {
+      this.updated = true;
+    } else if (type === 'setVariable') {
+      this.app.environment.setVariable(name, value);
+    } else if (type === 'removeVariable') {
+      this.app.environment.removeVariable(name);
+      this.updated = true;
+    }
+  }
+
+  async load() {
+    this.createAesEncryptor();
+    this.registerACL();
+    this.onEnvironmentSaved();
+    await this.loadVariables();
+  }
+
+  async createAesEncryptor() {
+    const key = await AesEncryptor.getOrGenerateKey(
+      path.resolve(process.cwd(), 'storage', this.name, this.app.name, 'aes_key.dat'),
+    );
+    this.aesEncryptor = new AesEncryptor(key);
+  }
+
+  registerACL() {
+    this.app.acl.allow('environmentVariables', 'list', 'loggedIn');
+    this.app.acl.registerSnippet({
+      name: `pm.${this.name}`,
+      actions: ['environmentVariables:*', 'app:refresh'],
+    });
+  }
+
+  async listEnvironmentVariables() {
+    const repository = this.db.getRepository('environmentVariables');
+    const items = await repository.find({
+      sort: 'name',
+    });
+
+    return items.map(({ name, type }) => ({ name, type }));
+  }
+
+  async setEnvironmentVariablesByText(texts: Array<{ text: string; secret: boolean }>) {
+    /*
+    text format:
+    KEY1=VALUE1
+    KEY2=VALUE2
+    # This is a comment
+    KEY3=VALUE3
+    */
+    const repository = this.db.getRepository('environmentVariables');
+
+    for (const { text, secret } of texts) {
+      // Split by newline and process each line
+      const lines = text
+        .split('\n')
+        .map((line) => line.trim()) // Remove leading/trailing spaces
+        .filter((line) => line && !line.startsWith('#')); // Remove empty lines and comments
+
+      for (const line of lines) {
+        // Find first '=' to support values containing '='
+        const equalIndex = line.indexOf('=');
+        if (equalIndex === -1) {
+          this.app.log.warn(`Invalid environment variable format: ${line}`);
+          continue;
+        }
+
+        const key = line.slice(0, equalIndex).trim();
+        const value = line.slice(equalIndex + 1).trim();
+
+        if (!key || !value) {
+          this.app.log.warn(`Empty key or value found: ${line}`);
+          continue;
+        }
+
+        await repository.create({
+          values: {
+            name: key,
+            type: secret ? 'secret' : 'default',
+            value,
+          },
+        });
+      }
+    }
+  }
+
+  onEnvironmentSaved() {
+    this.db.on('environmentVariables.afterUpdate', async (model, { transaction }) => {
+      this.updated = true;
+      this.sendSyncMessage({ type: 'updated' }, { transaction });
+    });
+    this.db.on('environmentVariables.beforeSave', async (model) => {
+      if (model.type === 'secret' && model.changed('value')) {
+        const encrypted = await this.aesEncryptor.encrypt(model.value);
+        model.set('value', encrypted);
+      }
+    });
+    this.app.resourceManager.registerActionHandler('environmentVariables:list', async (ctx, next) => {
+      const repository = this.db.getRepository('environmentVariables');
+      const items = await repository.find({
+        sort: 'name',
+        filter: ctx.action.params.filter,
+      });
+      for (const model of items) {
+        if (model.type === 'secret') {
+          model.set('value', undefined);
+        }
+      }
+      ctx.withoutDataWrapping = true;
+      ctx.body = {
+        data: items,
+        meta: {
+          updated: this.updated,
+        },
+      };
+      await next();
+    });
+    this.db.on('environmentVariables.afterSave', async (model, { transaction }) => {
+      if (model.type === 'secret') {
+        try {
+          const decrypted = await this.aesEncryptor.decrypt(model.value);
+          model.set('value', decrypted);
+        } catch (error) {
+          this.app.log.error(error);
+        }
+      }
+      this.app.environment.setVariable(model.name, model.value);
+      this.sendSyncMessage({ type: 'setVariable', name: model.name, value: model.value }, { transaction });
+    });
+    this.db.on('environmentVariables.afterDestroy', async (model, { transaction }) => {
+      this.app.environment.removeVariable(model.name);
+      this.updated = true;
+      this.sendSyncMessage({ type: 'removeVariable', name: model.name }, { transaction });
+    });
+  }
+
+  async loadVariables() {
+    const repository = this.db.getRepository('environmentVariables');
+    const r = await repository.collection.existsInDb();
+    if (!r) {
+      return;
+    }
+    const items = await repository.find();
+    for (const model of items) {
+      if (model.type === 'secret') {
+        try {
+          const decrypted = await this.aesEncryptor.decrypt(model.value);
+          model.set('value', decrypted);
+        } catch (error) {
+          this.app.log.error(error);
+        }
+      }
+      this.app.environment.setVariable(model.name, model.value);
+    }
+  }
+}
+
+export default PluginEnvironmentVariablesServer;
diff --git a/packages/plugins/@nocobase/plugin-field-china-region/src/server/collections/chinaRegions.ts b/packages/plugins/@nocobase/plugin-field-china-region/src/server/collections/chinaRegions.ts
index 1fafa3cb99..78304d8797 100644
--- a/packages/plugins/@nocobase/plugin-field-china-region/src/server/collections/chinaRegions.ts
+++ b/packages/plugins/@nocobase/plugin-field-china-region/src/server/collections/chinaRegions.ts
@@ -11,6 +11,7 @@ import { defineCollection } from '@nocobase/database';
 
 export default defineCollection({
   dumpRules: 'skipped',
+  migrationRules: ['schema-only', 'overwrite', 'skip'],
   name: 'chinaRegions',
   autoGenId: false,
   fields: [
diff --git a/packages/plugins/@nocobase/plugin-field-sequence/src/server/collections/sequences.ts b/packages/plugins/@nocobase/plugin-field-sequence/src/server/collections/sequences.ts
index 3bf67a094c..76d48e3921 100644
--- a/packages/plugins/@nocobase/plugin-field-sequence/src/server/collections/sequences.ts
+++ b/packages/plugins/@nocobase/plugin-field-sequence/src/server/collections/sequences.ts
@@ -65,6 +65,7 @@ export default defineCollection({
       });
     },
   },
+  migrationRules: ['overwrite', 'skip'],
   name: 'sequences',
   shared: true,
   fields: [
diff --git a/packages/plugins/@nocobase/plugin-file-manager/src/client/StorageOptions.tsx b/packages/plugins/@nocobase/plugin-file-manager/src/client/StorageOptions.tsx
index 4bff41647a..f8815aa9ca 100644
--- a/packages/plugins/@nocobase/plugin-file-manager/src/client/StorageOptions.tsx
+++ b/packages/plugins/@nocobase/plugin-file-manager/src/client/StorageOptions.tsx
@@ -31,35 +31,36 @@ const schema = {
         title: `{{t("Region", { ns: "${NAMESPACE}" })}}`,
         type: 'string',
         'x-decorator': 'FormItem',
-        'x-component': 'Input',
+        'x-component': 'TextAreaWithGlobalScope',
         required: true,
       },
       accessKeyId: {
         title: `{{t("AccessKey ID", { ns: "${NAMESPACE}" })}}`,
         type: 'string',
         'x-decorator': 'FormItem',
-        'x-component': 'Input',
+        'x-component': 'TextAreaWithGlobalScope',
         required: true,
       },
       accessKeySecret: {
         title: `{{t("AccessKey Secret", { ns: "${NAMESPACE}" })}}`,
         type: 'string',
         'x-decorator': 'FormItem',
-        'x-component': 'Password',
+        'x-component': 'TextAreaWithGlobalScope',
+        'x-component-props': { password: true },
         required: true,
       },
       bucket: {
         title: `{{t("Bucket", { ns: "${NAMESPACE}" })}}`,
         type: 'string',
         'x-decorator': 'FormItem',
-        'x-component': 'Input',
+        'x-component': 'TextAreaWithGlobalScope',
         required: true,
       },
       thumbnailRule: {
         title: 'Thumbnail rule',
         type: 'string',
         'x-decorator': 'FormItem',
-        'x-component': 'Input',
+        'x-component': 'TextAreaWithGlobalScope',
       },
     },
   },
@@ -69,14 +70,14 @@ const schema = {
         title: `{{t("Region", { ns: "${NAMESPACE}" })}}`,
         type: 'string',
         'x-decorator': 'FormItem',
-        'x-component': 'Input',
+        'x-component': 'TextAreaWithGlobalScope',
         required: true,
       },
       SecretId: {
         title: `{{t("SecretId", { ns: "${NAMESPACE}" })}}`,
         type: 'string',
         'x-decorator': 'FormItem',
-        'x-component': 'Input',
+        'x-component': 'TextAreaWithGlobalScope',
         required: true,
       },
       SecretKey: {
@@ -90,7 +91,7 @@ const schema = {
         title: `{{t("Bucket", { ns: "${NAMESPACE}" })}}`,
         type: 'string',
         'x-decorator': 'FormItem',
-        'x-component': 'Input',
+        'x-component': 'TextAreaWithGlobalScope',
         required: true,
       },
     },
@@ -101,35 +102,36 @@ const schema = {
         title: `{{t("Region", { ns: "${NAMESPACE}" })}}`,
         type: 'string',
         'x-decorator': 'FormItem',
-        'x-component': 'Input',
+        'x-component': 'TextAreaWithGlobalScope',
         required: true,
       },
       accessKeyId: {
         title: `{{t("AccessKey ID", { ns: "${NAMESPACE}" })}}`,
         type: 'string',
         'x-decorator': 'FormItem',
-        'x-component': 'Input',
+        'x-component': 'TextAreaWithGlobalScope',
         required: true,
       },
       secretAccessKey: {
         title: `{{t("AccessKey Secret", { ns: "${NAMESPACE}" })}}`,
         type: 'string',
         'x-decorator': 'FormItem',
-        'x-component': 'Password',
+        'x-component': 'TextAreaWithGlobalScope',
+        'x-component-props': { password: true },
         required: true,
       },
       bucket: {
         title: `{{t("Bucket", { ns: "${NAMESPACE}" })}}`,
         type: 'string',
         'x-decorator': 'FormItem',
-        'x-component': 'Input',
+        'x-component': 'TextAreaWithGlobalScope',
         required: true,
       },
       endpoint: {
         title: `{{t("Endpoint", { ns: "${NAMESPACE}" })}}`,
         type: 'string',
         'x-decorator': 'FormItem',
-        'x-component': 'Input',
+        'x-component': 'TextAreaWithGlobalScope',
       },
     },
   },
diff --git a/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storage.ts b/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storage.ts
index 953c3b6106..bad767884e 100644
--- a/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storage.ts
+++ b/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storage.ts
@@ -55,7 +55,7 @@ const collection = {
       uiSchema: {
         title: `{{t("Access base URL", { ns: "${NAMESPACE}" })}}`,
         type: 'string',
-        'x-component': 'Input',
+        'x-component': 'TextAreaWithGlobalScope',
         required: true,
       } as ISchema,
     },
@@ -66,7 +66,7 @@ const collection = {
       uiSchema: {
         title: `{{t("Path", { ns: "${NAMESPACE}" })}}`,
         type: 'string',
-        'x-component': 'Input',
+        'x-component': 'TextAreaWithGlobalScope',
       } as ISchema,
     },
     {
diff --git a/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storageTypes/ali-oss.tsx b/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storageTypes/ali-oss.tsx
index c338d335e3..dcd868160f 100644
--- a/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storageTypes/ali-oss.tsx
+++ b/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storageTypes/ali-oss.tsx
@@ -28,7 +28,7 @@ export default {
           title: `{{t("Region", { ns: "${NAMESPACE}" })}}`,
           type: 'string',
           'x-decorator': 'FormItem',
-          'x-component': 'Input',
+          'x-component': 'TextAreaWithGlobalScope',
           description: `{{t('Aliyun OSS region part of the bucket. For example: "oss-cn-beijing".', { ns: "${NAMESPACE}" })}}`,
           required: true,
         },
@@ -36,28 +36,29 @@ export default {
           title: `{{t("AccessKey ID", { ns: "${NAMESPACE}" })}}`,
           type: 'string',
           'x-decorator': 'FormItem',
-          'x-component': 'Input',
+          'x-component': 'TextAreaWithGlobalScope',
           required: true,
         },
         accessKeySecret: {
           title: `{{t("AccessKey Secret", { ns: "${NAMESPACE}" })}}`,
           type: 'string',
           'x-decorator': 'FormItem',
-          'x-component': 'Password',
+          'x-component': 'TextAreaWithGlobalScope',
+          'x-component-props': { password: true },
           required: true,
         },
         bucket: {
           title: `{{t("Bucket", { ns: "${NAMESPACE}" })}}`,
           type: 'string',
           'x-decorator': 'FormItem',
-          'x-component': 'Input',
+          'x-component': 'TextAreaWithGlobalScope',
           required: true,
         },
         thumbnailRule: {
           title: 'Thumbnail rule',
           type: 'string',
           'x-decorator': 'FormItem',
-          'x-component': 'Input',
+          'x-component': 'TextAreaWithGlobalScope',
           'x-component-props': {
             placeholder: '?x-oss-process=image/auto-orient,1/resize,m_fill,w_94,h_94/quality,q_90',
           },
diff --git a/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storageTypes/s3.ts b/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storageTypes/s3.ts
index c921bdba9b..d51b88e1bd 100644
--- a/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storageTypes/s3.ts
+++ b/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storageTypes/s3.ts
@@ -25,35 +25,36 @@ export default {
           title: `{{t("Region", { ns: "${NAMESPACE}" })}}`,
           type: 'string',
           'x-decorator': 'FormItem',
-          'x-component': 'Input',
+          'x-component': 'TextAreaWithGlobalScope',
           required: true,
         },
         accessKeyId: {
           title: `{{t("AccessKey ID", { ns: "${NAMESPACE}" })}}`,
           type: 'string',
           'x-decorator': 'FormItem',
-          'x-component': 'Input',
+          'x-component': 'TextAreaWithGlobalScope',
           required: true,
         },
         secretAccessKey: {
           title: `{{t("AccessKey Secret", { ns: "${NAMESPACE}" })}}`,
           type: 'string',
           'x-decorator': 'FormItem',
-          'x-component': 'Password',
+          'x-component': 'TextAreaWithGlobalScope',
+          'x-component-props': { password: true },
           required: true,
         },
         bucket: {
           title: `{{t("Bucket", { ns: "${NAMESPACE}" })}}`,
           type: 'string',
           'x-decorator': 'FormItem',
-          'x-component': 'Input',
+          'x-component': 'TextAreaWithGlobalScope',
           required: true,
         },
         endpoint: {
           title: `{{t("Endpoint", { ns: "${NAMESPACE}" })}}`,
           type: 'string',
           'x-decorator': 'FormItem',
-          'x-component': 'Input',
+          'x-component': 'TextAreaWithGlobalScope',
         },
       },
     },
diff --git a/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storageTypes/tx-cos.tsx b/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storageTypes/tx-cos.tsx
index eb985df25c..b86dc0c499 100644
--- a/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storageTypes/tx-cos.tsx
+++ b/packages/plugins/@nocobase/plugin-file-manager/src/client/schemas/storageTypes/tx-cos.tsx
@@ -27,35 +27,38 @@ export default {
           title: `{{t("Region", { ns: "${NAMESPACE}" })}}`,
           type: 'string',
           'x-decorator': 'FormItem',
-          'x-component': 'Input',
+          'x-component': 'TextAreaWithGlobalScope',
           required: true,
         },
         SecretId: {
           title: `{{t("SecretId", { ns: "${NAMESPACE}" })}}`,
           type: 'string',
           'x-decorator': 'FormItem',
-          'x-component': 'Input',
+          'x-component': 'TextAreaWithGlobalScope',
           required: true,
         },
         SecretKey: {
           title: `{{t("SecretKey", { ns: "${NAMESPACE}" })}}`,
           type: 'string',
           'x-decorator': 'FormItem',
-          'x-component': 'Password',
+          'x-component': 'TextAreaWithGlobalScope',
+          'x-component-props': {
+            password: true,
+          },
           required: true,
         },
         Bucket: {
           title: `{{t("Bucket", { ns: "${NAMESPACE}" })}}`,
           type: 'string',
           'x-decorator': 'FormItem',
-          'x-component': 'Input',
+          'x-component': 'TextAreaWithGlobalScope',
           required: true,
         },
         thumbnailRule: {
           title: 'Thumbnail rule',
           type: 'string',
           'x-decorator': 'FormItem',
-          'x-component': 'Input',
+          'x-component': 'TextAreaWithGlobalScope',
           'x-component-props': {
             placeholder: '?imageMogr2/thumbnail/!50p',
           },
diff --git a/packages/plugins/@nocobase/plugin-file-manager/src/client/templates/file.ts b/packages/plugins/@nocobase/plugin-file-manager/src/client/templates/file.ts
index 6b9e36b082..256615b7aa 100644
--- a/packages/plugins/@nocobase/plugin-file-manager/src/client/templates/file.ts
+++ b/packages/plugins/@nocobase/plugin-file-manager/src/client/templates/file.ts
@@ -94,7 +94,7 @@ export class FileCollectionTemplate extends CollectionTemplate {
         uiSchema: {
           type: 'string',
           title: `{{t("Path", { ns: "${NAMESPACE}" })}}`,
-          'x-component': 'Input',
+          'x-component': 'TextAreaWithGlobalScope',
           'x-read-pretty': true,
         },
       },
diff --git a/packages/plugins/@nocobase/plugin-file-manager/src/server/actions/attachments.ts b/packages/plugins/@nocobase/plugin-file-manager/src/server/actions/attachments.ts
index d514653636..5848604f60 100644
--- a/packages/plugins/@nocobase/plugin-file-manager/src/server/actions/attachments.ts
+++ b/packages/plugins/@nocobase/plugin-file-manager/src/server/actions/attachments.ts
@@ -125,7 +125,9 @@ export async function createMiddleware(ctx: Context, next: Next) {
   const StorageRepo = ctx.db.getRepository('storages');
   const storage = await StorageRepo.findOne({ filter: storageName ? { name: storageName } : { default: true } });
 
-  ctx.storage = storage;
+  const plugin = ctx.app.pm.get(Plugin);
+  ctx.storage = plugin.parseStorage(storage);
+
   if (ctx?.request.is('multipart/*')) {
     await multipart(ctx, next);
   } else {
@@ -172,11 +174,12 @@ export async function destroyMiddleware(ctx: Context, next: Next) {
 
   let count = 0;
   const undeleted = [];
+  const plugin = ctx.app.pm.get(Plugin);
   await storages.reduce(
     (promise, storage) =>
       promise.then(async () => {
-        const storageConfig = ctx.app.pm.get(Plugin).storageTypes.get(storage.type);
-        const result = await storageConfig.delete(storage, storageGroupedRecords[storage.id]);
+        const storageConfig = plugin.storageTypes.get(storage.type);
+        const result = await storageConfig.delete(plugin.parseStorage(storage), storageGroupedRecords[storage.id]);
         count += result[0];
         undeleted.push(...result[1]);
       }),
diff --git a/packages/plugins/@nocobase/plugin-file-manager/src/server/collections/attachments.ts b/packages/plugins/@nocobase/plugin-file-manager/src/server/collections/attachments.ts
index 92cb5308b1..fc7e4c160c 100644
--- a/packages/plugins/@nocobase/plugin-file-manager/src/server/collections/attachments.ts
+++ b/packages/plugins/@nocobase/plugin-file-manager/src/server/collections/attachments.ts
@@ -13,6 +13,7 @@ export default defineCollection({
   dumpRules: {
     group: 'user',
   },
+  migrationRules: ['schema-only', 'overwrite', 'skip'],
   asStrategyResource: true,
   shared: true,
   name: 'attachments',
diff --git a/packages/plugins/@nocobase/plugin-file-manager/src/server/collections/storages.ts b/packages/plugins/@nocobase/plugin-file-manager/src/server/collections/storages.ts
index 602d515223..a306fba00b 100644
--- a/packages/plugins/@nocobase/plugin-file-manager/src/server/collections/storages.ts
+++ b/packages/plugins/@nocobase/plugin-file-manager/src/server/collections/storages.ts
@@ -11,6 +11,7 @@ import { defineCollection } from '@nocobase/database';
 
 export default defineCollection({
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   name: 'storages',
   shared: true,
   fields: [
diff --git a/packages/plugins/@nocobase/plugin-file-manager/src/server/server.ts b/packages/plugins/@nocobase/plugin-file-manager/src/server/server.ts
index a2b0307f98..faeb3564b4 100644
--- a/packages/plugins/@nocobase/plugin-file-manager/src/server/server.ts
+++ b/packages/plugins/@nocobase/plugin-file-manager/src/server/server.ts
@@ -10,7 +10,7 @@
 import { Plugin } from '@nocobase/server';
 import { Registry } from '@nocobase/utils';
 
-import { basename, resolve } from 'path';
+import { basename } from 'path';
 
 import { Transactionable } from '@nocobase/database';
 import fs from 'fs';
@@ -58,6 +58,10 @@ export default class PluginFileManagerServer extends Plugin {
     return await collectionRepository.create({ values: { ...data, ...values }, transaction });
   }
 
+  parseStorage(instance) {
+    return this.app.environment.renderJsonTemplate(instance.toJSON());
+  }
+
   async uploadFile(options: UploadFileOptions) {
     const { storageName, filePath, documentRoot } = options;
     const storageRepository = this.db.getRepository('storages');
@@ -85,6 +89,8 @@ export default class PluginFileManagerServer extends Plugin {
       throw new Error('[file-manager] no linked or default storage provided');
     }
 
+    storageInstance = this.parseStorage(storageInstance);
+
     if (documentRoot) {
       storageInstance.options['documentRoot'] = documentRoot;
     }
@@ -123,7 +129,7 @@ export default class PluginFileManagerServer extends Plugin {
     });
     this.storagesCache = new Map();
     for (const storage of storages) {
-      this.storagesCache.set(storage.get('id'), storage.toJSON());
+      this.storagesCache.set(storage.get('id'), this.parseStorage(storage));
     }
     this.db['_fileStorages'] = this.storagesCache;
   }
@@ -158,7 +164,7 @@ export default class PluginFileManagerServer extends Plugin {
         filterByTk: message.storageId,
       });
       if (storage) {
-        this.storagesCache.set(storage.id, storage.toJSON());
+        this.storagesCache.set(storage.id, this.parseStorage(storage));
       }
     }
     if (message.type === 'storageRemove') {
@@ -185,10 +191,6 @@ export default class PluginFileManagerServer extends Plugin {
     this.storageTypes.register(STORAGE_TYPE_S3, new StorageTypeS3());
     this.storageTypes.register(STORAGE_TYPE_TX_COS, new StorageTypeTxCos());
 
-    await this.db.import({
-      directory: resolve(__dirname, './collections'),
-    });
-
     const Storage = this.db.getModel('storages');
     Storage.afterSave((m, { transaction }) => {
       this.storagesCache.set(m.id, m.toJSON());
@@ -216,14 +218,6 @@ export default class PluginFileManagerServer extends Plugin {
       actions: ['storages:*'],
     });
 
-    this.db.addMigrations({
-      namespace: 'file-manager',
-      directory: resolve(__dirname, 'migrations'),
-      context: {
-        plugin: this,
-      },
-    });
-
     initActions(this);
 
     this.app.acl.allow('attachments', 'upload', 'loggedIn');
diff --git a/packages/plugins/@nocobase/plugin-graph-collection-manager/src/server/collections/graphPositions.ts b/packages/plugins/@nocobase/plugin-graph-collection-manager/src/server/collections/graphPositions.ts
index abd7cef97d..fde0b728d4 100644
--- a/packages/plugins/@nocobase/plugin-graph-collection-manager/src/server/collections/graphPositions.ts
+++ b/packages/plugins/@nocobase/plugin-graph-collection-manager/src/server/collections/graphPositions.ts
@@ -12,6 +12,7 @@ import { defineCollection } from '@nocobase/database';
 export default defineCollection({
   dumpRules: 'required',
   name: 'graphPositions',
+  migrationRules: ['overwrite', 'skip'],
   shared: true,
   fields: [
     {
diff --git a/packages/plugins/@nocobase/plugin-localization/src/server/collections/localization-texts.ts b/packages/plugins/@nocobase/plugin-localization/src/server/collections/localization-texts.ts
index 5608720d01..b8a68735ec 100644
--- a/packages/plugins/@nocobase/plugin-localization/src/server/collections/localization-texts.ts
+++ b/packages/plugins/@nocobase/plugin-localization/src/server/collections/localization-texts.ts
@@ -13,6 +13,7 @@ export default defineCollection({
   dumpRules: {
     group: 'required',
   },
+  migrationRules: ['overwrite', 'skip'],
   name: 'localizationTexts',
   model: 'LocalizationTextModel',
   createdBy: true,
diff --git a/packages/plugins/@nocobase/plugin-localization/src/server/collections/localization-translations.ts b/packages/plugins/@nocobase/plugin-localization/src/server/collections/localization-translations.ts
index 99edf470ca..c321d30427 100644
--- a/packages/plugins/@nocobase/plugin-localization/src/server/collections/localization-translations.ts
+++ b/packages/plugins/@nocobase/plugin-localization/src/server/collections/localization-translations.ts
@@ -14,6 +14,7 @@ export default defineCollection({
   dumpRules: {
     group: 'required',
   },
+  migrationRules: ['overwrite', 'skip'],
   name: 'localizationTranslations',
   model: 'LocalizationTranslationModel',
   createdBy: true,
diff --git a/packages/plugins/@nocobase/plugin-map/src/client/components/Configuration.tsx b/packages/plugins/@nocobase/plugin-map/src/client/components/Configuration.tsx
index aa6d850aaf..589ef5185a 100644
--- a/packages/plugins/@nocobase/plugin-map/src/client/components/Configuration.tsx
+++ b/packages/plugins/@nocobase/plugin-map/src/client/components/Configuration.tsx
@@ -7,9 +7,8 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
-import { useAPIClient, useCompile, useLocationSearch } from '@nocobase/client';
-import { useBoolean } from 'ahooks';
-import { Button, Card, Form, Input, Tabs, message } from 'antd';
+import { TextAreaWithGlobalScope, useAPIClient, useCompile, useLocationSearch } from '@nocobase/client';
+import { Button, Card, Form, Tabs, message } from 'antd';
 import React, { useEffect, useMemo } from 'react';
 import { MapTypes } from '../constants';
 import { MapConfigurationResourceKey, getSSKey, useMapConfiguration } from '../hooks';
@@ -20,14 +19,12 @@ interface BaseConfigurationProps {
 }
 const BaseConfiguration: React.FC<BaseConfigurationProps> = ({ type, children }) => {
   const { t } = useMapTranslation();
-  const [isDisabled, disableAction] = useBoolean(false);
   const apiClient = useAPIClient();
   const [form] = Form.useForm();
-  const data = useMapConfiguration(type);
+  const data = useMapConfiguration(type, false);
   useEffect(() => {
     if (data) {
       form.setFieldsValue(data);
-      disableAction.toggle();
     }
   }, [data]);
 
@@ -43,7 +40,6 @@ const BaseConfiguration: React.FC<BaseConfigurationProps> = ({ type, children })
       })
       .then((res) => {
         sessionStorage.removeItem(getSSKey(type));
-        disableAction.toggle();
         message.success(t('Saved successfully'));
       })
       .catch((err) => {
@@ -51,19 +47,13 @@ const BaseConfiguration: React.FC<BaseConfigurationProps> = ({ type, children })
       });
   };
   return (
-    <Form disabled={isDisabled} form={form} layout="vertical" onFinish={onSubmit}>
+    <Form form={form} layout="vertical" onFinish={onSubmit}>
       {children}
-      {isDisabled ? (
-        <Button disabled={false} onClick={disableAction.toggle}>
-          {t('Edit')}
+      <Form.Item>
+        <Button disabled={false} type="primary" htmlType="submit">
+          {t('Submit')}
         </Button>
-      ) : (
-        <Form.Item>
-          <Button disabled={false} type="primary" htmlType="submit">
-            {t('Save')}
-          </Button>
-        </Form.Item>
-      )}
+      </Form.Item>
     </Form>
   );
 };
@@ -73,10 +63,10 @@ const AMapConfiguration = () => {
   return (
     <BaseConfiguration type="amap">
       <Form.Item required name="accessKey" label={t('Access key')}>
-        <Input />
+        <TextAreaWithGlobalScope />
       </Form.Item>
       <Form.Item required name="securityJsCode" label={t('securityJsCode or serviceHost')}>
-        <Input />
+        <TextAreaWithGlobalScope />
       </Form.Item>
     </BaseConfiguration>
   );
@@ -87,7 +77,7 @@ const GoogleMapConfiguration = () => {
   return (
     <BaseConfiguration type="google">
       <Form.Item required name="accessKey" label={t('Api key')}>
-        <Input />
+        <TextAreaWithGlobalScope />
       </Form.Item>
     </BaseConfiguration>
   );
diff --git a/packages/plugins/@nocobase/plugin-map/src/client/components/GoogleMaps/Map.tsx b/packages/plugins/@nocobase/plugin-map/src/client/components/GoogleMaps/Map.tsx
index 631e154fed..59c0ded9ff 100644
--- a/packages/plugins/@nocobase/plugin-map/src/client/components/GoogleMaps/Map.tsx
+++ b/packages/plugins/@nocobase/plugin-map/src/client/components/GoogleMaps/Map.tsx
@@ -316,7 +316,7 @@ export const GoogleMapsComponent = React.forwardRef<GoogleMapForwardedRefProps,
       // google maps api error
       const error = console.error;
       console.error = (err, ...args) => {
-        if (err?.includes('InvalidKeyMapError')) {
+        if (err?.includes?.('InvalidKeyMapError')) {
           setErrMessage(t('Load google maps failed, Please check the Api key and refresh the page'));
         }
         error(err, ...args);
diff --git a/packages/plugins/@nocobase/plugin-map/src/client/hooks/useMapConfiguration.ts b/packages/plugins/@nocobase/plugin-map/src/client/hooks/useMapConfiguration.ts
index eec8ccefa1..3050984068 100644
--- a/packages/plugins/@nocobase/plugin-map/src/client/hooks/useMapConfiguration.ts
+++ b/packages/plugins/@nocobase/plugin-map/src/client/hooks/useMapConfiguration.ts
@@ -15,7 +15,7 @@ export const getSSKey = (type) => {
   return `NOCOBASE_PLUGIN_MAP_CONFIGURATION_${type}`;
 };
 
-export const useMapConfiguration = (type: string) => {
+export const useMapConfiguration = (type: string, caching = true) => {
   // cache
   const config = useMemo(() => {
     const d = sessionStorage.getItem(getSSKey(type));
@@ -32,20 +32,24 @@ export const useMapConfiguration = (type: string) => {
       resource: MapConfigurationResourceKey,
       action: 'get',
       params: {
+        isRaw: !caching,
         type,
       },
     },
     {
       onSuccess(data) {
+        if (!caching) {
+          return;
+        }
         sessionStorage.setItem(getSSKey(type), JSON.stringify(data?.data));
       },
       refreshOnWindowFocus: false,
       refreshDeps: [],
-      manual: config ? true : false,
+      manual: config && caching ? true : false,
     },
   );
 
-  if (config) return config;
+  if (config && caching) return config;
 
   return data?.data;
 };
diff --git a/packages/plugins/@nocobase/plugin-map/src/client/index.tsx b/packages/plugins/@nocobase/plugin-map/src/client/index.tsx
index 8a98c302c3..02844a263f 100644
--- a/packages/plugins/@nocobase/plugin-map/src/client/index.tsx
+++ b/packages/plugins/@nocobase/plugin-map/src/client/index.tsx
@@ -55,7 +55,7 @@ export class PluginMapClient extends Plugin {
       Component: 'MapBlockInitializer',
     });
     this.app.pluginSettingsManager.add(NAMESPACE, {
-      title: `{{t("Map Manager", { ns: "${NAMESPACE}" })}}`,
+      title: `{{t("Map manager", { ns: "${NAMESPACE}" })}}`,
       icon: 'EnvironmentOutlined',
       Component: Configuration,
       aclSnippet: 'pm.map.configuration',
diff --git a/packages/plugins/@nocobase/plugin-map/src/locale/en-US.json b/packages/plugins/@nocobase/plugin-map/src/locale/en-US.json
index 38f0a8d79a..06060a7cf8 100644
--- a/packages/plugins/@nocobase/plugin-map/src/locale/en-US.json
+++ b/packages/plugins/@nocobase/plugin-map/src/locale/en-US.json
@@ -19,7 +19,7 @@
   "Enter keywords to search": "Enter keywords to search",
   "The AccessKey is incorrect, please check it": "The AccessKey is incorrect, please check it",
   "Please configure the AMap securityCode or serviceHost correctly": "Please configure the AMap securityCode or serviceHost correctly",
-  "Map Manager": "Map Manager",
+  "Map manager": "Map manager",
   "Configuration": "Configuration",
   "Saved successfully": "Saved successfully",
   "Saved failed": "Saved failed",
diff --git a/packages/plugins/@nocobase/plugin-map/src/locale/ja-JP.json b/packages/plugins/@nocobase/plugin-map/src/locale/ja-JP.json
index 82ba22ea7c..453942976a 100644
--- a/packages/plugins/@nocobase/plugin-map/src/locale/ja-JP.json
+++ b/packages/plugins/@nocobase/plugin-map/src/locale/ja-JP.json
@@ -19,7 +19,7 @@
   "Enter keywords to search": "キーワードを入力して検索してください（省/市名を含める必要があります）",
   "The AccessKey is incorrect, please check it": "AccessKeyが正しくありません、確認してください",
   "Please configure the AMap securityCode or serviceHost correctly": "AMapのsecurityCodeまたはserviceHostを正しく設定してください",
-  "Map Manager": "マップ管理",
+  "Map manager": "マップ管理",
   "Configuration": "設定",
   "Saved successfully": "正常に保存されました",
   "Saved failed": "保存に失敗しました",
diff --git a/packages/plugins/@nocobase/plugin-map/src/locale/ko-KR.json b/packages/plugins/@nocobase/plugin-map/src/locale/ko-KR.json
index 7c302a860d..40c612adc3 100644
--- a/packages/plugins/@nocobase/plugin-map/src/locale/ko-KR.json
+++ b/packages/plugins/@nocobase/plugin-map/src/locale/ko-KR.json
@@ -19,7 +19,7 @@
   "Enter keywords to search": "검색할 키워드 입력 (시/도를 반드시 포함해야 함)",
   "The AccessKey is incorrect, please check it": "액세스 키가 올바르지 않습니다. 확인해 주세요",
   "Please configure the AMap securityCode or serviceHost correctly": "AMap securityCode 또는 serviceHost를 올바르게 구성해 주세요",
-  "Map Manager": "지도 관리자",
+  "Map manager": "지도 관리자",
   "Configuration": "구성",
   "Saved successfully": "성공적으로 저장되었습니다",
   "Saved failed": "저장 실패",
diff --git a/packages/plugins/@nocobase/plugin-map/src/locale/pt-BR.json b/packages/plugins/@nocobase/plugin-map/src/locale/pt-BR.json
index aaf9e78db4..71008e840b 100644
--- a/packages/plugins/@nocobase/plugin-map/src/locale/pt-BR.json
+++ b/packages/plugins/@nocobase/plugin-map/src/locale/pt-BR.json
@@ -18,7 +18,7 @@
   "Enter keywords to search": "Digite palavras-chave para buscar",
   "The AccessKey is incorrect, please check it": "A chave de acesso está incorreta, por favor verifique",
   "Please configure the AMap securityCode or serviceHost correctly": "Por favor, configure o securityCode ou serviceHost do AMap corretamente",
-  "Map Manager": "Gerenciador de Mapa",
+  "Map manager": "Gerenciador de Mapa",
   "Configuration": "Configuração",
   "Saved successfully": "Salvo com sucesso",
   "Saved failed": "Falha ao salvar",
diff --git a/packages/plugins/@nocobase/plugin-map/src/locale/zh-CN.json b/packages/plugins/@nocobase/plugin-map/src/locale/zh-CN.json
index f3b71faf65..a55d5e3778 100644
--- a/packages/plugins/@nocobase/plugin-map/src/locale/zh-CN.json
+++ b/packages/plugins/@nocobase/plugin-map/src/locale/zh-CN.json
@@ -19,7 +19,7 @@
   "Enter keywords to search": "输入地方名关键字搜索（必须包含省/市）",
   "The AccessKey is incorrect, please check it": "访问密钥不正确，请检查",
   "Please configure the AMap securityCode or serviceHost correctly": "请正确配置高德地图 securityCode 或 serviceHost",
-  "Map Manager": "地图管理",
+  "Map manager": "地图管理",
   "Configuration": "配置",
   "Saved successfully": "保存成功",
   "Saved failed": "保存失败",
diff --git a/packages/plugins/@nocobase/plugin-map/src/server/actions/index.ts b/packages/plugins/@nocobase/plugin-map/src/server/actions/index.ts
index 18ec406f87..3128531c34 100644
--- a/packages/plugins/@nocobase/plugin-map/src/server/actions/index.ts
+++ b/packages/plugins/@nocobase/plugin-map/src/server/actions/index.ts
@@ -12,7 +12,7 @@ import { MapConfigurationCollectionName } from '../constants';
 
 export const getConfiguration = async (ctx: Context, next) => {
   const {
-    params: { type },
+    params: { type, isRaw },
   } = ctx.action;
 
   const repo = ctx.db.getRepository(MapConfigurationCollectionName);
@@ -21,8 +21,8 @@ export const getConfiguration = async (ctx: Context, next) => {
       type,
     },
   });
-
-  ctx.body = record;
+  const body = record ? record.toJSON() : {};
+  ctx.body = isRaw === true || isRaw === 'true' ? body : ctx.app.environment.renderJsonTemplate(body);
   return next();
 };
 
diff --git a/packages/plugins/@nocobase/plugin-map/src/server/collections/mapConfiguration.ts b/packages/plugins/@nocobase/plugin-map/src/server/collections/mapConfiguration.ts
index 7031a0ef59..6f45496991 100644
--- a/packages/plugins/@nocobase/plugin-map/src/server/collections/mapConfiguration.ts
+++ b/packages/plugins/@nocobase/plugin-map/src/server/collections/mapConfiguration.ts
@@ -14,6 +14,7 @@ export default defineCollection({
   dumpRules: {
     group: 'third-party',
   },
+  migrationRules: ['overwrite', 'skip'],
   name: MapConfigurationCollectionName,
   shared: true,
   fields: [
diff --git a/packages/plugins/@nocobase/plugin-map/src/server/plugin.ts b/packages/plugins/@nocobase/plugin-map/src/server/plugin.ts
index 08a9ceb90c..2f71ea191b 100644
--- a/packages/plugins/@nocobase/plugin-map/src/server/plugin.ts
+++ b/packages/plugins/@nocobase/plugin-map/src/server/plugin.ts
@@ -8,11 +8,10 @@
  */
 
 import { InstallOptions, Plugin } from '@nocobase/server';
-import path from 'path';
 import { getConfiguration, setConfiguration } from './actions';
 import { CircleField, LineStringField, PointField, PolygonField } from './fields';
-import { CircleValueParser, LineStringValueParser, PointValueParser, PolygonValueParser } from './value-parsers';
 import { CircleInterface, LineStringInterface, PointInterface, PolygonInterface } from './interfaces';
+import { CircleValueParser, LineStringValueParser, PointValueParser, PolygonValueParser } from './value-parsers';
 
 export class PluginMapServer extends Plugin {
   afterAdd() {}
@@ -39,9 +38,7 @@ export class PluginMapServer extends Plugin {
   }
 
   async load() {
-    await this.importCollections(path.resolve(__dirname, 'collections'));
-
-    this.app.resource({
+    this.app.resourceManager.define({
       name: 'map-configuration',
       actions: {
         get: getConfiguration,
diff --git a/packages/plugins/@nocobase/plugin-mobile/src/server/collections/mobileRoutes.ts b/packages/plugins/@nocobase/plugin-mobile/src/server/collections/mobileRoutes.ts
index 5dff896a86..b1a977d382 100644
--- a/packages/plugins/@nocobase/plugin-mobile/src/server/collections/mobileRoutes.ts
+++ b/packages/plugins/@nocobase/plugin-mobile/src/server/collections/mobileRoutes.ts
@@ -12,6 +12,7 @@ import { defineCollection } from '@nocobase/database';
 export default defineCollection({
   name: 'mobileRoutes',
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   title: 'mobileRoutes',
   inherit: false,
   hidden: false,
diff --git a/packages/plugins/@nocobase/plugin-multi-app-manager/src/server/collections/applications.ts b/packages/plugins/@nocobase/plugin-multi-app-manager/src/server/collections/applications.ts
index 4f863437a3..04f2b7bcf8 100644
--- a/packages/plugins/@nocobase/plugin-multi-app-manager/src/server/collections/applications.ts
+++ b/packages/plugins/@nocobase/plugin-multi-app-manager/src/server/collections/applications.ts
@@ -13,6 +13,7 @@ export default defineCollection({
   dumpRules: {
     group: 'third-party',
   },
+  migrationRules: ['schema-only', 'overwrite', 'skip'],
   name: 'applications',
   model: 'ApplicationModel',
   autoGenId: false,
diff --git a/packages/plugins/@nocobase/plugin-notification-email/src/client/ConfigForm.tsx b/packages/plugins/@nocobase/plugin-notification-email/src/client/ConfigForm.tsx
index b0a26b386f..294b53bf23 100644
--- a/packages/plugins/@nocobase/plugin-notification-email/src/client/ConfigForm.tsx
+++ b/packages/plugins/@nocobase/plugin-notification-email/src/client/ConfigForm.tsx
@@ -9,10 +9,13 @@
 
 import { SchemaComponent } from '@nocobase/client';
 import React from 'react';
+
 import { useNotifyMailTranslation } from './hooks/useTranslation';
+
 export const ChannelConfigForm = () => {
   const { t } = useNotifyMailTranslation();
   return (
+    // @ts-ignore
     <SchemaComponent
       scope={{ t }}
       schema={{
@@ -47,7 +50,7 @@ export const ChannelConfigForm = () => {
                         type: 'string',
                         title: '{{t("Host")}}',
                         description: '{{t("SMTP server host")}}',
-                        'x-component': 'Input',
+                        'x-component': 'TextAreaWithGlobalScope',
                         'x-component-props': {
                           placeholder: 'smtp.example.com',
                         },
@@ -59,18 +62,26 @@ export const ChannelConfigForm = () => {
                     type: 'void',
                     'x-component': 'Grid.Col',
                     'x-component-props': {
-                      width: 16,
+                      width: 25,
                     },
                     properties: {
                       port: {
                         'x-decorator': 'FormItem',
                         type: 'number',
                         title: '{{t("Port")}}',
-                        'x-component': 'InputNumber',
+                        'x-component': 'TextAreaWithGlobalScope',
                         'x-component-props': {
-                          min: 1,
-                          max: 65535,
-                          step: 1,
+                          number: true,
+                          useTypedConstant: [
+                            [
+                              'number',
+                              {
+                                min: 1,
+                                max: 65535,
+                                step: 1,
+                              },
+                            ],
+                          ],
                         },
                         default: 465,
                         required: true,
@@ -81,14 +92,18 @@ export const ChannelConfigForm = () => {
                     type: 'void',
                     'x-component': 'Grid.Col',
                     'x-component-props': {
-                      width: 16,
+                      width: 25,
                     },
                     properties: {
                       secure: {
-                        'x-decorator': 'FormItem',
                         type: 'boolean',
                         title: '{{t("Secure")}}',
-                        'x-component': 'Checkbox',
+                        'x-decorator': 'FormItem',
+                        'x-component': 'TextAreaWithGlobalScope',
+                        'x-component-props': {
+                          boolean: true,
+                          useTypedConstant: [['boolean', { style: { width: '100%' } }]],
+                        },
                         default: true,
                       },
                     },
@@ -114,7 +129,7 @@ export const ChannelConfigForm = () => {
                         'x-decorator': 'FormItem',
                         type: 'boolean',
                         title: '{{t("Account")}}',
-                        'x-component': 'Input',
+                        'x-component': 'TextAreaWithGlobalScope',
                         'x-component-props': {
                           placeholder: 'example@domain.com',
                         },
@@ -131,7 +146,8 @@ export const ChannelConfigForm = () => {
                         'x-decorator': 'FormItem',
                         type: 'boolean',
                         title: '{{t("Password")}}',
-                        'x-component': 'Password',
+                        'x-component': 'TextAreaWithGlobalScope',
+                        'x-component-props': { password: true },
                         required: true,
                       },
                     },
@@ -146,8 +162,8 @@ export const ChannelConfigForm = () => {
                     type: 'void',
                     'x-component': 'Grid.Col',
                     'x-component-props': {
-                      width: 50,
-                      flex: 'none',
+                      // width: 50,
+                      // flex: 'none',
                     },
                     properties: {
                       from: {
@@ -156,7 +172,7 @@ export const ChannelConfigForm = () => {
                         title: `{{t("From")}}`,
                         description: `{{t("The email address that will be used as the sender")}}`,
                         'x-decorator': 'FormItem',
-                        'x-component': 'Input',
+                        'x-component': 'TextAreaWithGlobalScope',
                         'x-component-props': {
                           // useTypedConstant: ['string'],
                           placeholder: `noreply <example@domain.com>`,
@@ -164,14 +180,6 @@ export const ChannelConfigForm = () => {
                       },
                     },
                   },
-                  col2: {
-                    type: 'void',
-                    'x-component': 'Grid.Col',
-                    'x-component-props': {
-                      width: 50,
-                      flex: 'none',
-                    },
-                  },
                 },
               },
             },
diff --git a/packages/plugins/@nocobase/plugin-notification-in-app-message/src/types/messages.ts b/packages/plugins/@nocobase/plugin-notification-in-app-message/src/types/messages.ts
index 231ebe7938..f283a66bf6 100644
--- a/packages/plugins/@nocobase/plugin-notification-in-app-message/src/types/messages.ts
+++ b/packages/plugins/@nocobase/plugin-notification-in-app-message/src/types/messages.ts
@@ -13,6 +13,7 @@ import { InAppMessagesDefinition, ChannelsDefinition } from './index';
 export const messageCollection: CollectionOptions = {
   name: InAppMessagesDefinition.name,
   title: 'in-app messages',
+  migrationRules: ['schema-only', 'skip'],
   fields: [
     {
       name: InAppMessagesDefinition.fieldNameMap.id,
diff --git a/packages/plugins/@nocobase/plugin-notification-manager/src/collections/channel.ts b/packages/plugins/@nocobase/plugin-notification-manager/src/collections/channel.ts
index ae26e21203..d6493883e8 100644
--- a/packages/plugins/@nocobase/plugin-notification-manager/src/collections/channel.ts
+++ b/packages/plugins/@nocobase/plugin-notification-manager/src/collections/channel.ts
@@ -11,6 +11,7 @@ import { COLLECTION_NAME } from '../constant';
 
 export default {
   name: COLLECTION_NAME.channels,
+  migrationRules: ['overwrite', 'skip'],
   filterTargetKey: 'name',
   autoGenId: false,
   createdAt: true,
diff --git a/packages/plugins/@nocobase/plugin-notification-manager/src/collections/messageLog.ts b/packages/plugins/@nocobase/plugin-notification-manager/src/collections/messageLog.ts
index 4e151eb289..462a547f92 100644
--- a/packages/plugins/@nocobase/plugin-notification-manager/src/collections/messageLog.ts
+++ b/packages/plugins/@nocobase/plugin-notification-manager/src/collections/messageLog.ts
@@ -11,6 +11,7 @@ import { COLLECTION_NAME } from '../constant';
 
 export default {
   name: COLLECTION_NAME.logs,
+  migrationRules: ['schema-only', 'skip'],
   title: 'MessageLogs',
   fields: [
     {
diff --git a/packages/plugins/@nocobase/plugin-notification-manager/src/server/collections/channels.ts b/packages/plugins/@nocobase/plugin-notification-manager/src/server/collections/channels.ts
index 2a0b172095..16d95be0d4 100644
--- a/packages/plugins/@nocobase/plugin-notification-manager/src/server/collections/channels.ts
+++ b/packages/plugins/@nocobase/plugin-notification-manager/src/server/collections/channels.ts
@@ -7,7 +7,7 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
-import { defineCollection } from '@nocobase/database';
+import { CollectionOptions, defineCollection } from '@nocobase/database';
 import collectionOption from '../../collections/channel';
 
-export default defineCollection(collectionOption);
+export default defineCollection(collectionOption as CollectionOptions);
diff --git a/packages/plugins/@nocobase/plugin-notification-manager/src/server/collections/messageLogs.ts b/packages/plugins/@nocobase/plugin-notification-manager/src/server/collections/messageLogs.ts
index ce4815a858..8ddff27139 100644
--- a/packages/plugins/@nocobase/plugin-notification-manager/src/server/collections/messageLogs.ts
+++ b/packages/plugins/@nocobase/plugin-notification-manager/src/server/collections/messageLogs.ts
@@ -7,7 +7,7 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
-import { defineCollection } from '@nocobase/database';
+import { CollectionOptions, defineCollection } from '@nocobase/database';
 import collectionOption from '../../collections/messageLog';
 
-export default defineCollection(collectionOption);
+export default defineCollection(collectionOption as CollectionOptions);
diff --git a/packages/plugins/@nocobase/plugin-notification-manager/src/server/manager.ts b/packages/plugins/@nocobase/plugin-notification-manager/src/server/manager.ts
index 335969f97e..77ab8b1fae 100644
--- a/packages/plugins/@nocobase/plugin-notification-manager/src/server/manager.ts
+++ b/packages/plugins/@nocobase/plugin-notification-manager/src/server/manager.ts
@@ -36,9 +36,15 @@ export class NotificationManager implements NotificationManager {
     return logsRepo.create({ values: options });
   };
 
+  async findChannel(name: string) {
+    const repository = this.plugin.app.db.getRepository(COLLECTION_NAME.channels);
+    const instance = await repository.findOne({ filterByTk: name });
+    return this.plugin.app.environment.renderJsonTemplate(instance.toJSON());
+  }
+
   async send(params: SendOptions) {
     this.plugin.logger.info('receive sending message request', params);
-    const channelsRepo = this.plugin.app.db.getRepository(COLLECTION_NAME.channels);
+    console.log('receive sending message request', params);
     const message = compile(params.message ?? {}, params.data ?? {});
     const messageData = { ...(params.receivers ? { receivers: params.receivers } : {}), ...message };
     const logData: any = {
@@ -47,7 +53,7 @@ export class NotificationManager implements NotificationManager {
       message: messageData,
     };
     try {
-      const channel = await channelsRepo.findOne({ filterByTk: params.channelName });
+      const channel = await this.findChannel(params.channelName);
       if (channel) {
         const Channel = this.channelTypes.get(channel.notificationType).Channel;
         const instance = new Channel(this.plugin.app);
diff --git a/packages/plugins/@nocobase/plugin-notifications/src/server/server.ts b/packages/plugins/@nocobase/plugin-notifications/src/server/server.ts
index ae05319348..f81371f03d 100644
--- a/packages/plugins/@nocobase/plugin-notifications/src/server/server.ts
+++ b/packages/plugins/@nocobase/plugin-notifications/src/server/server.ts
@@ -8,12 +8,7 @@
  */
 
 import { Plugin } from '@nocobase/server';
-import path from 'path';
 
 export default class PluginNotificationsServer extends Plugin {
-  async load() {
-    await this.app.db.import({
-      directory: path.resolve(__dirname, 'collections'),
-    });
-  }
+  async load() {}
 }
diff --git a/packages/plugins/@nocobase/plugin-public-forms/src/client/collections/publicForms.ts b/packages/plugins/@nocobase/plugin-public-forms/src/client/collections/publicForms.ts
index 49d8256fe4..d3da09e8b8 100644
--- a/packages/plugins/@nocobase/plugin-public-forms/src/client/collections/publicForms.ts
+++ b/packages/plugins/@nocobase/plugin-public-forms/src/client/collections/publicForms.ts
@@ -62,9 +62,10 @@ export const publicFormsCollection = {
       uiSchema: {
         type: 'string',
         title: "{{t('Password')}}",
-        'x-component': 'Password',
+        'x-component': 'TextAreaWithGlobalScope',
         'x-component-props': {
           autocomplete: 'new-password',
+          password: true,
         },
       },
     },
diff --git a/packages/plugins/@nocobase/plugin-public-forms/src/client/components/AdminPublicFormPage.tsx b/packages/plugins/@nocobase/plugin-public-forms/src/client/components/AdminPublicFormPage.tsx
index cd585349a2..0320a6c9ed 100644
--- a/packages/plugins/@nocobase/plugin-public-forms/src/client/components/AdminPublicFormPage.tsx
+++ b/packages/plugins/@nocobase/plugin-public-forms/src/client/components/AdminPublicFormPage.tsx
@@ -21,8 +21,11 @@ import {
   Checkbox,
   VariablesProvider,
   useApp,
+  TextAreaWithGlobalScope,
+  ApplicationContext,
+  useGlobalVariable,
 } from '@nocobase/client';
-import { Breadcrumb, Button, Dropdown, Space, Spin, Switch, Input, message, Popover, QRCode } from 'antd';
+import { Breadcrumb, Button, Dropdown, Space, Spin, Switch, message, Popover, QRCode } from 'antd';
 import React, { useState } from 'react';
 import { useParams } from 'react-router';
 import { Link } from 'react-router-dom';
@@ -59,6 +62,7 @@ export function AdminPublicFormPage() {
   const { theme } = useGlobalTheme();
   const apiClient = useAPIClient();
   const app = useApp();
+  const environmentCtx = useGlobalVariable('$env');
   const { data, loading, refresh } = useRequest<any>({
     url: `publicForms:get/${params.name}`,
   });
@@ -73,27 +77,32 @@ export function AdminPublicFormPage() {
     });
     await refresh();
   };
-
   const handleSetPassword = async () => {
     const values = await FormDialog(
       t('Password') as any,
       () => {
         return (
-          <SchemaComponentOptions components={{ Checkbox, Input, FormItem }}>
-            <FormLayout layout={'vertical'}>
-              <SchemaComponent
-                schema={{
-                  properties: {
-                    password: {
-                      type: 'string',
-                      'x-decorator': 'FormItem',
-                      'x-component': 'Input.Password',
+          <ApplicationContext.Provider value={app}>
+            <SchemaComponentOptions components={{ Checkbox, TextAreaWithGlobalScope, FormItem }}>
+              <FormLayout layout={'vertical'}>
+                <SchemaComponent
+                  schema={{
+                    properties: {
+                      password: {
+                        type: 'string',
+                        'x-decorator': 'FormItem',
+                        'x-component': 'TextAreaWithGlobalScope',
+                        'x-component-props': {
+                          password: true,
+                          scope: [environmentCtx],
+                        },
+                      },
                     },
-                  },
-                }}
-              />
-            </FormLayout>
-          </SchemaComponentOptions>
+                  }}
+                />
+              </FormLayout>
+            </SchemaComponentOptions>
+          </ApplicationContext.Provider>
         );
       },
       theme,
diff --git a/packages/plugins/@nocobase/plugin-public-forms/src/server/collections/publicForms.ts b/packages/plugins/@nocobase/plugin-public-forms/src/server/collections/publicForms.ts
index ca04b04ce1..4c159ff8eb 100644
--- a/packages/plugins/@nocobase/plugin-public-forms/src/server/collections/publicForms.ts
+++ b/packages/plugins/@nocobase/plugin-public-forms/src/server/collections/publicForms.ts
@@ -12,6 +12,7 @@ import { defineCollection } from '@nocobase/database';
 export default defineCollection({
   name: 'publicForms',
   filterTargetKey: 'key',
+  migrationRules: ['overwrite', 'skip'],
   createdBy: true,
   updatedBy: true,
   fields: [
diff --git a/packages/plugins/@nocobase/plugin-public-forms/src/server/plugin.ts b/packages/plugins/@nocobase/plugin-public-forms/src/server/plugin.ts
index 221eb00506..90604e3596 100644
--- a/packages/plugins/@nocobase/plugin-public-forms/src/server/plugin.ts
+++ b/packages/plugins/@nocobase/plugin-public-forms/src/server/plugin.ts
@@ -65,7 +65,7 @@ export class PluginPublicFormsServer extends Plugin {
             passwordRequired: true,
           };
         }
-        if (instance.get('password') !== password) {
+        if (this.app.environment.renderJsonTemplate(instance.get('password')) !== password) {
           throw new PasswordError('Please enter your password');
         }
       }
diff --git a/packages/plugins/@nocobase/plugin-system-settings/src/server/collections/systemSettings.ts b/packages/plugins/@nocobase/plugin-system-settings/src/server/collections/systemSettings.ts
index 4bc7d0aa02..b312ca6932 100644
--- a/packages/plugins/@nocobase/plugin-system-settings/src/server/collections/systemSettings.ts
+++ b/packages/plugins/@nocobase/plugin-system-settings/src/server/collections/systemSettings.ts
@@ -12,6 +12,7 @@ import { defineCollection } from '@nocobase/database';
 export default defineCollection({
   dumpRules: 'required',
   name: 'systemSettings',
+  migrationRules: ['overwrite', 'skip'],
   fields: [
     {
       type: 'string',
diff --git a/packages/plugins/@nocobase/plugin-system-settings/src/server/server.ts b/packages/plugins/@nocobase/plugin-system-settings/src/server/server.ts
index 87d51fb5e7..0d601e1485 100644
--- a/packages/plugins/@nocobase/plugin-system-settings/src/server/server.ts
+++ b/packages/plugins/@nocobase/plugin-system-settings/src/server/server.ts
@@ -45,6 +45,18 @@ export class PluginSystemSettingsServer extends Plugin {
     });
   }
 
+  async getSystemSettingsInstance() {
+    const repository = this.db.getRepository('systemSettings');
+    const instance = await repository.findOne({
+      filterByTk: 1,
+      appends: ['logo'],
+    });
+    const json = instance.toJSON();
+    json.raw_title = json.title;
+    json.title = this.app.environment.renderJsonTemplate(instance.title);
+    return json;
+  }
+
   beforeLoad() {
     const cmd = this.app.findCommand('install');
     if (cmd) {
@@ -53,19 +65,42 @@ export class PluginSystemSettingsServer extends Plugin {
 
     this.app.acl.registerSnippet({
       name: `pm.${this.name}.system-settings`,
-      actions: ['systemSettings:update'],
+      actions: ['systemSettings:put'],
     });
   }
 
   async load() {
-    await this.importCollections(resolve(__dirname, 'collections'));
-
     this.app.acl.addFixedParams('systemSettings', 'destroy', () => {
       return {
         'id.$ne': 1,
       };
     });
-
+    this.app.resourceManager.define({
+      name: 'systemSettings',
+      actions: {
+        get: async (ctx, next) => {
+          try {
+            ctx.body = await this.getSystemSettingsInstance();
+          } catch (error) {
+            throw error;
+          }
+          await next();
+        },
+        put: async (ctx, next) => {
+          const repository = this.db.getRepository('systemSettings');
+          const values = ctx.action.params.values;
+          await repository.update({
+            filterByTk: 1,
+            values: {
+              ...values,
+              title: values.raw_title,
+            },
+          });
+          ctx.body = await this.getSystemSettingsInstance();
+          await next();
+        },
+      },
+    });
     this.app.acl.allow('systemSettings', 'get', 'public');
   }
 }
diff --git a/packages/plugins/@nocobase/plugin-theme-editor/src/server/collections/theme-config.ts b/packages/plugins/@nocobase/plugin-theme-editor/src/server/collections/theme-config.ts
index 1c157dc3ca..0b97763165 100644
--- a/packages/plugins/@nocobase/plugin-theme-editor/src/server/collections/theme-config.ts
+++ b/packages/plugins/@nocobase/plugin-theme-editor/src/server/collections/theme-config.ts
@@ -12,6 +12,7 @@ import { defineCollection } from '@nocobase/database';
 export default defineCollection({
   name: 'themeConfig',
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   fields: [
     // 主题配置内容，一个 JSON 字符串
     {
diff --git a/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemaServerHooks.ts b/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemaServerHooks.ts
index 14e82a3f26..6c97b6306a 100644
--- a/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemaServerHooks.ts
+++ b/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemaServerHooks.ts
@@ -11,6 +11,7 @@ import { CollectionOptions } from '@nocobase/database';
 
 export default {
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   name: 'uiSchemaServerHooks',
   model: 'ServerHookModel',
   // autoGenId: false,
diff --git a/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemaTemplates.ts b/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemaTemplates.ts
index 880925b2e8..1d4a1b5569 100644
--- a/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemaTemplates.ts
+++ b/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemaTemplates.ts
@@ -11,6 +11,7 @@ import { defineCollection } from '@nocobase/database';
 
 export default defineCollection({
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   name: 'uiSchemaTemplates',
   autoGenId: false,
   fields: [
diff --git a/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemaTreePath.ts b/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemaTreePath.ts
index 5614261b54..828346617d 100644
--- a/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemaTreePath.ts
+++ b/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemaTreePath.ts
@@ -11,6 +11,7 @@ import { CollectionOptions } from '@nocobase/database';
 
 export default {
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   name: 'uiSchemaTreePath',
   autoGenId: false,
   timestamps: false,
diff --git a/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemas.ts b/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemas.ts
index 814f7df7cb..ca0ded9ba2 100644
--- a/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemas.ts
+++ b/packages/plugins/@nocobase/plugin-ui-schema-storage/src/server/collections/uiSchemas.ts
@@ -12,6 +12,7 @@ import { CollectionOptions } from '@nocobase/database';
 export default {
   dumpRules: 'required',
   name: 'uiSchemas',
+  migrationRules: ['overwrite', 'skip'],
   autoGenId: false,
   timestamps: false,
   repository: 'UiSchemaRepository',
diff --git a/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-records-resources.ts b/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-records-resources.ts
index b104bebd58..1857a53fd3 100644
--- a/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-records-resources.ts
+++ b/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-records-resources.ts
@@ -11,6 +11,7 @@ import { defineCollection } from '@nocobase/database';
 
 export default defineCollection({
   name: 'userDataSyncRecordsResources',
+  migrationRules: ['schema-only', 'overwrite', 'skip'],
   fields: [
     {
       name: 'recordId',
diff --git a/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-records.ts b/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-records.ts
index 54e5c90bb8..f4dc8d68f6 100644
--- a/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-records.ts
+++ b/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-records.ts
@@ -13,6 +13,7 @@ export default defineCollection({
   dumpRules: {
     group: 'third-party',
   },
+  migrationRules: ['schema-only', 'overwrite', 'skip'],
   shared: true,
   name: 'userDataSyncRecords',
   createdAt: true,
diff --git a/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-sources.ts b/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-sources.ts
index cedaaceadb..18fd497ae4 100644
--- a/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-sources.ts
+++ b/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-sources.ts
@@ -14,6 +14,7 @@ export default defineCollection({
     group: 'third-party',
   },
   shared: true,
+  migrationRules: ['overwrite', 'skip'],
   name: 'userDataSyncSources',
   title: '{{t("Sync Sources")}}',
   sortable: true,
diff --git a/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-tasks.ts b/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-tasks.ts
index 95d4d5de5f..6b62547a2a 100644
--- a/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-tasks.ts
+++ b/packages/plugins/@nocobase/plugin-user-data-sync/src/server/collections/user-data-sync-tasks.ts
@@ -13,6 +13,7 @@ export default defineCollection({
   dumpRules: {
     group: 'third-party',
   },
+  migrationRules: ['schema-only', 'overwrite', 'skip'],
   name: 'userDataSyncTasks',
   title: '{{t("Sync Tasks")}}',
   sortable: 'sort',
diff --git a/packages/plugins/@nocobase/plugin-users/src/server/collections/users.ts b/packages/plugins/@nocobase/plugin-users/src/server/collections/users.ts
index 94fd60bb93..8f36fd861b 100644
--- a/packages/plugins/@nocobase/plugin-users/src/server/collections/users.ts
+++ b/packages/plugins/@nocobase/plugin-users/src/server/collections/users.ts
@@ -14,6 +14,7 @@ export default defineCollection({
   dumpRules: {
     group: 'user',
   },
+  migrationRules: ['skip', 'overwrite'],
   name: 'users',
   title: '{{t("Users")}}',
   sortable: 'sort',
diff --git a/packages/plugins/@nocobase/plugin-verification/src/client/providerTypes/sms-aliyun.ts b/packages/plugins/@nocobase/plugin-verification/src/client/providerTypes/sms-aliyun.ts
index e124ff484f..2ccac390eb 100644
--- a/packages/plugins/@nocobase/plugin-verification/src/client/providerTypes/sms-aliyun.ts
+++ b/packages/plugins/@nocobase/plugin-verification/src/client/providerTypes/sms-aliyun.ts
@@ -18,31 +18,32 @@ export default {
       title: `{{t("Access Key ID", { ns: "${NAMESPACE}" })}}`,
       type: 'string',
       'x-decorator': 'FormItem',
-      'x-component': 'Input',
+      'x-component': 'TextAreaWithGlobalScope',
     },
     accessKeySecret: {
       title: `{{t("Access Key Secret", { ns: "${NAMESPACE}" })}}`,
       type: 'string',
       'x-decorator': 'FormItem',
-      'x-component': 'Password',
+      'x-component': 'TextAreaWithGlobalScope',
+      'x-component-props': { password: true },
     },
     endpoint: {
       title: `{{t("Endpoint", { ns: "${NAMESPACE}" })}}`,
       type: 'string',
       'x-decorator': 'FormItem',
-      'x-component': 'Input',
+      'x-component': 'TextAreaWithGlobalScope',
     },
     sign: {
       title: `{{t("Sign", { ns: "${NAMESPACE}" })}}`,
       type: 'string',
       'x-decorator': 'FormItem',
-      'x-component': 'Input',
+      'x-component': 'TextAreaWithGlobalScope',
     },
     template: {
       title: `{{t("Template code", { ns: "${NAMESPACE}" })}}`,
       type: 'string',
       'x-decorator': 'FormItem',
-      'x-component': 'Input',
+      'x-component': 'TextAreaWithGlobalScope',
     },
   },
 } as ISchema;
diff --git a/packages/plugins/@nocobase/plugin-verification/src/client/providerTypes/sms-tencent.ts b/packages/plugins/@nocobase/plugin-verification/src/client/providerTypes/sms-tencent.ts
index 131cefe310..5b48fbe930 100644
--- a/packages/plugins/@nocobase/plugin-verification/src/client/providerTypes/sms-tencent.ts
+++ b/packages/plugins/@nocobase/plugin-verification/src/client/providerTypes/sms-tencent.ts
@@ -18,44 +18,45 @@ export default {
       title: `{{t("Secret Id", { ns: "${NAMESPACE}" })}}`,
       type: 'string',
       'x-decorator': 'FormItem',
-      'x-component': 'Input',
+      'x-component': 'TextAreaWithGlobalScope',
     },
     secretKey: {
       title: `{{t("Secret Key", { ns: "${NAMESPACE}" })}}`,
       type: 'string',
       'x-decorator': 'FormItem',
-      'x-component': 'Password',
+      'x-component': 'TextAreaWithGlobalScope',
+      'x-component-props': { password: true },
     },
     region: {
       title: `{{t("Region", { ns: "${NAMESPACE}" })}}`,
       type: 'string',
       'x-decorator': 'FormItem',
-      'x-component': 'Input',
+      'x-component': 'TextAreaWithGlobalScope',
     },
     endpoint: {
       title: `{{t("Endpoint", { ns: "${NAMESPACE}" })}}`,
       type: 'string',
       'x-decorator': 'FormItem',
-      'x-component': 'Input',
+      'x-component': 'TextAreaWithGlobalScope',
       default: 'sms.tencentcloudapi.com',
     },
     SignName: {
       title: `{{t("Sign name", { ns: "${NAMESPACE}" })}}`,
       type: 'string',
       'x-decorator': 'FormItem',
-      'x-component': 'Input',
+      'x-component': 'TextAreaWithGlobalScope',
     },
     SmsSdkAppId: {
       title: `{{t("Sms sdk app id", { ns: "${NAMESPACE}" })}}`,
       type: 'string',
       'x-decorator': 'FormItem',
-      'x-component': 'Input',
+      'x-component': 'TextAreaWithGlobalScope',
     },
     TemplateId: {
       title: `{{t("Template Id", { ns: "${NAMESPACE}" })}}`,
       type: 'string',
       'x-decorator': 'FormItem',
-      'x-component': 'Input',
+      'x-component': 'TextAreaWithGlobalScope',
     },
   },
 } as ISchema;
diff --git a/packages/plugins/@nocobase/plugin-verification/src/server/__tests__/Plugin.test.ts b/packages/plugins/@nocobase/plugin-verification/src/server/__tests__/Plugin.test.ts
index 685c5d7bbc..85a728aaf1 100644
--- a/packages/plugins/@nocobase/plugin-verification/src/server/__tests__/Plugin.test.ts
+++ b/packages/plugins/@nocobase/plugin-verification/src/server/__tests__/Plugin.test.ts
@@ -28,7 +28,7 @@ describe('verification > Plugin', () => {
     app = await getApp();
     agent = app.agent();
     db = app.db;
-    plugin = <Plugin>app.getPlugin('verification');
+    plugin = <Plugin>app.pm.get('verification');
     VerificationModel = db.getCollection('verifications').model;
     AuthorModel = db.getCollection('authors').model;
     AuthorRepo = db.getCollection('authors').repository;
diff --git a/packages/plugins/@nocobase/plugin-verification/src/server/__tests__/index.ts b/packages/plugins/@nocobase/plugin-verification/src/server/__tests__/index.ts
index 1664d04ef7..16e0a18b09 100644
--- a/packages/plugins/@nocobase/plugin-verification/src/server/__tests__/index.ts
+++ b/packages/plugins/@nocobase/plugin-verification/src/server/__tests__/index.ts
@@ -8,9 +8,9 @@
  */
 
 import { MockServer, createMockServer } from '@nocobase/test';
-import path from 'path';
 
 import { ApplicationOptions } from '@nocobase/server';
+import authors from './collections/authors';
 
 export function sleep(ms: number) {
   return new Promise((resolve) => {
@@ -25,18 +25,11 @@ interface MockAppOptions extends ApplicationOptions {
 export async function getApp(options: MockAppOptions = {}): Promise<MockServer> {
   const app = await createMockServer({
     ...options,
+    async beforeInstall(app) {
+      app.db.collection(authors);
+    },
     plugins: ['verification'],
   });
 
-  await app.db.import({
-    directory: path.resolve(__dirname, './collections'),
-  });
-
-  try {
-    await app.db.sync();
-  } catch (error) {
-    console.error(error);
-  }
-
   return app;
 }
diff --git a/packages/plugins/@nocobase/plugin-verification/src/server/collections/verifications.ts b/packages/plugins/@nocobase/plugin-verification/src/server/collections/verifications.ts
index 416d8ed232..953ef6cb39 100644
--- a/packages/plugins/@nocobase/plugin-verification/src/server/collections/verifications.ts
+++ b/packages/plugins/@nocobase/plugin-verification/src/server/collections/verifications.ts
@@ -13,6 +13,7 @@ export default defineCollection({
   dumpRules: {
     group: 'log',
   },
+  migrationRules: ['schema-only', 'skip'],
   name: 'verifications',
   shared: true,
   fields: [
diff --git a/packages/plugins/@nocobase/plugin-verification/src/server/collections/verifications_providers.ts b/packages/plugins/@nocobase/plugin-verification/src/server/collections/verifications_providers.ts
index 2391868f7b..0aa2031d43 100644
--- a/packages/plugins/@nocobase/plugin-verification/src/server/collections/verifications_providers.ts
+++ b/packages/plugins/@nocobase/plugin-verification/src/server/collections/verifications_providers.ts
@@ -14,6 +14,7 @@ export default defineCollection({
     group: 'third-party',
   },
   name: 'verifications_providers',
+  migrationRules: ['overwrite', 'skip'],
   shared: true,
   fields: [
     {
diff --git a/packages/plugins/@nocobase/plugin-verification/src/server/providers/Provider.ts b/packages/plugins/@nocobase/plugin-verification/src/server/providers/Provider.ts
index 83c7117ae1..df34edb3d2 100644
--- a/packages/plugins/@nocobase/plugin-verification/src/server/providers/Provider.ts
+++ b/packages/plugins/@nocobase/plugin-verification/src/server/providers/Provider.ts
@@ -10,10 +10,13 @@
 import Plugin from '../Plugin';
 
 export class Provider {
+  protected options: any;
   constructor(
     protected plugin: Plugin,
-    protected options,
-  ) {}
+    options: any,
+  ) {
+    this.options = plugin.app.environment.renderJsonTemplate(options);
+  }
 
   async send(receiver: string, data: { [key: string]: any }): Promise<any> {}
 }
diff --git a/packages/plugins/@nocobase/plugin-workflow-manual/src/server/collections/1-users_jobs.ts b/packages/plugins/@nocobase/plugin-workflow-manual/src/server/collections/1-users_jobs.ts
index 46a9aef836..6899156881 100644
--- a/packages/plugins/@nocobase/plugin-workflow-manual/src/server/collections/1-users_jobs.ts
+++ b/packages/plugins/@nocobase/plugin-workflow-manual/src/server/collections/1-users_jobs.ts
@@ -14,6 +14,7 @@ export default defineCollection({
   dumpRules: {
     group: 'log',
   },
+  migrationRules: ['schema-only', 'skip'],
   shared: true,
   fields: [
     {
diff --git a/packages/plugins/@nocobase/plugin-workflow/src/client/variable.tsx b/packages/plugins/@nocobase/plugin-workflow/src/client/variable.tsx
index ae322519cb..d9eef733e6 100644
--- a/packages/plugins/@nocobase/plugin-workflow/src/client/variable.tsx
+++ b/packages/plugins/@nocobase/plugin-workflow/src/client/variable.tsx
@@ -8,15 +8,14 @@
  */
 
 import React, { createContext, useCallback, useContext } from 'react';
-import { useTranslation } from 'react-i18next';
 import { uniqBy } from 'lodash';
 
-import { Variable, parseCollectionName, useApp, useCompile, usePlugin, useVariableScope } from '@nocobase/client';
+import { Variable, parseCollectionName, useApp, useCompile, usePlugin, useGlobalVariable } from '@nocobase/client';
 
-import { useFlowContext } from './FlowContext';
-import { NAMESPACE, lang } from './locale';
-import { useAvailableUpstreams, useNodeContext, useUpstreamScopes } from './nodes';
 import WorkflowPlugin from '.';
+import { useFlowContext } from './FlowContext';
+import { NAMESPACE } from './locale';
+import { useAvailableUpstreams, useNodeContext, useUpstreamScopes } from './nodes';
 
 export type VariableOption = {
   key?: string;
@@ -249,9 +248,9 @@ export function useWorkflowVariableOptions(options: UseVariableOptions = {}) {
     useOptions(nodesOptions, opts),
     useOptions(triggerOptions, opts),
     useOptions(systemOptions, opts),
-  ];
+    useGlobalVariable('$env'),
+  ].filter(Boolean);
   // const cache = useMemo(() => result, [result]);
-
   return result;
 }
 
diff --git a/packages/plugins/@nocobase/plugin-workflow/src/server/Processor.ts b/packages/plugins/@nocobase/plugin-workflow/src/server/Processor.ts
index 40a2403133..5f18d0f53e 100644
--- a/packages/plugins/@nocobase/plugin-workflow/src/server/Processor.ts
+++ b/packages/plugins/@nocobase/plugin-workflow/src/server/Processor.ts
@@ -412,6 +412,7 @@ export default class Processor {
       $jobsMapByNodeKey: this.jobsMapByNodeKey,
       $system: systemFns,
       $scopes,
+      $env: this.options.plugin.app.environment.getVariables(),
     };
   }
 
diff --git a/packages/plugins/@nocobase/plugin-workflow/src/server/collections/executions.ts b/packages/plugins/@nocobase/plugin-workflow/src/server/collections/executions.ts
index c7a04aca38..9109e16a57 100644
--- a/packages/plugins/@nocobase/plugin-workflow/src/server/collections/executions.ts
+++ b/packages/plugins/@nocobase/plugin-workflow/src/server/collections/executions.ts
@@ -13,6 +13,7 @@ export default {
   dumpRules: {
     group: 'log',
   },
+  migrationRules: ['schema-only', 'skip'],
   name: 'executions',
   shared: true,
   fields: [
diff --git a/packages/plugins/@nocobase/plugin-workflow/src/server/collections/flow_nodes.ts b/packages/plugins/@nocobase/plugin-workflow/src/server/collections/flow_nodes.ts
index e68e4d837f..a12a219691 100644
--- a/packages/plugins/@nocobase/plugin-workflow/src/server/collections/flow_nodes.ts
+++ b/packages/plugins/@nocobase/plugin-workflow/src/server/collections/flow_nodes.ts
@@ -11,6 +11,7 @@ import { CollectionOptions } from '@nocobase/database';
 
 export default {
   dumpRules: 'required',
+  migrationRules: ['overwrite', 'skip'],
   name: 'flow_nodes',
   shared: true,
   fields: [
diff --git a/packages/plugins/@nocobase/plugin-workflow/src/server/collections/jobs.ts b/packages/plugins/@nocobase/plugin-workflow/src/server/collections/jobs.ts
index 891b0ea8a8..8c3e6768c8 100644
--- a/packages/plugins/@nocobase/plugin-workflow/src/server/collections/jobs.ts
+++ b/packages/plugins/@nocobase/plugin-workflow/src/server/collections/jobs.ts
@@ -13,6 +13,7 @@ export default {
   dumpRules: {
     group: 'log',
   },
+  migrationRules: ['schema-only', 'skip'],
   name: 'jobs',
   shared: true,
   fields: [
diff --git a/packages/plugins/@nocobase/plugin-workflow/src/server/collections/workflows.ts b/packages/plugins/@nocobase/plugin-workflow/src/server/collections/workflows.ts
index 3a48596032..e28db408fd 100644
--- a/packages/plugins/@nocobase/plugin-workflow/src/server/collections/workflows.ts
+++ b/packages/plugins/@nocobase/plugin-workflow/src/server/collections/workflows.ts
@@ -12,6 +12,7 @@ import { CollectionOptions } from '@nocobase/database';
 export default function () {
   return {
     dumpRules: 'required',
+    migrationRules: ['overwrite', 'skip'],
     name: 'workflows',
     shared: true,
     repository: 'WorkflowRepository',
diff --git a/packages/presets/nocobase/package.json b/packages/presets/nocobase/package.json
index c51edecb91..6f08d26630 100644
--- a/packages/presets/nocobase/package.json
+++ b/packages/presets/nocobase/package.json
@@ -30,6 +30,7 @@
     "@nocobase/plugin-data-source-main": "1.6.0-alpha.9",
     "@nocobase/plugin-data-source-manager": "1.6.0-alpha.9",
     "@nocobase/plugin-data-visualization": "1.6.0-alpha.9",
+    "@nocobase/plugin-environment-variables": "1.6.0-alpha.9",
     "@nocobase/plugin-error-handler": "1.6.0-alpha.9",
     "@nocobase/plugin-field-china-region": "1.6.0-alpha.9",
     "@nocobase/plugin-field-formula": "1.6.0-alpha.9",
@@ -102,6 +103,7 @@
     "@nocobase/plugin-data-source-main",
     "@nocobase/plugin-data-source-manager",
     "@nocobase/plugin-data-visualization",
+    "@nocobase/plugin-environment-variables",
     "@nocobase/plugin-error-handler",
     "@nocobase/plugin-field-formula",
     "@nocobase/plugin-field-sequence",
diff --git a/storage/.gitignore b/storage/.gitignore
index 17d5242569..169690c4bb 100644
--- a/storage/.gitignore
+++ b/storage/.gitignore
@@ -1,10 +1,4 @@
-.pm2
-tmp
-app.watch.ts
-/e2e
-nocobase.conf
-app-upgrading
-/verdaccio/storage
-libs
-scripts
-.cache
\ No newline at end of file
+*
+!./db/.gitignore
+!./logs/.gitignore
+!./uploads/.gitignore
diff --git a/storage/verdaccio/config.yaml b/storage/verdaccio/config.yaml
deleted file mode 100644
index 9ea782f2f8..0000000000
--- a/storage/verdaccio/config.yaml
+++ /dev/null
@@ -1,213 +0,0 @@
-#
-# This is the default configuration file. It allows all users to do anything,
-# please read carefully the documentation and best practices to
-# improve security.
-#
-# Look here for more config file examples:
-# https://github.com/verdaccio/verdaccio/tree/5.x/conf
-#
-# Read about the best practices
-# https://verdaccio.org/docs/best
-
-# path to a directory with all packages
-storage: ./storage
-# path to a directory with plugins to include
-plugins: ./plugins
-
-# https://verdaccio.org/docs/webui
-web:
-  title: Verdaccio
-  # comment out to disable gravatar support
-  # gravatar: false
-  # by default packages are ordercer ascendant (asc|desc)
-  # sort_packages: asc
-  # convert your UI to the dark side
-  # darkMode: true
-  # html_cache: true
-  # by default all features are displayed
-  # login: true
-  # showInfo: true
-  # showSettings: true
-  # In combination with darkMode you can force specific theme
-  # showThemeSwitch: true
-  # showFooter: true
-  # showSearch: true
-  # showRaw: true
-  # showDownloadTarball: true
-  #  HTML tags injected after manifest <scripts/>
-  # scriptsBodyAfter:
-  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
-  #  HTML tags injected before ends </head>
-  #  metaScripts:
-  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
-  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
-  #    - '<meta name="robots" content="noindex" />'
-  #  HTML tags injected first child at <body/>
-  #  bodyBefore:
-  #    - '<div id="myId">html before webpack scripts</div>'
-  #  Public path for template manifest scripts (only manifest)
-  #  publicPath: http://somedomain.org/
-
-# https://verdaccio.org/docs/configuration#authentication
-auth:
-  htpasswd:
-    file: ./htpasswd
-    # Maximum amount of users allowed to register, defaults to "+inf".
-    # You can set this to -1 to disable registration.
-    # max_users: 1000
-    # Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt".
-    # algorithm: bcrypt # by default is crypt, but is recommended use bcrypt for new installations
-    # Rounds number for "bcrypt", will be ignored for other algorithms.
-    # rounds: 10
-
-# https://verdaccio.org/docs/configuration#uplinks
-# a list of other known repositories we can talk to
-uplinks:
-  npmjs:
-    url: https://registry.npmjs.org/
-
-# Learn how to protect your packages
-# https://verdaccio.org/docs/protect-your-dependencies/
-# https://verdaccio.org/docs/configuration#packages
-packages:
-  '@nocobase/*':
-    # scoped packages
-    access: $all
-    publish: $all
-    unpublish: $all
-
-  'create-nocobase-app':
-    # scoped packages
-    access: $all
-    publish: $all
-    unpublish: $all
-
-  '@*/*':
-    # scoped packages
-    access: $all
-    publish: $authenticated
-    unpublish: $authenticated
-    proxy: npmjs
-
-  '**':
-    # allow all users (including non-authenticated users) to read and
-    # publish all packages
-    #
-    # you can specify usernames/groupnames (depending on your auth plugin)
-    # and three keywords: "$all", "$anonymous", "$authenticated"
-    access: $all
-
-    # allow all known users to publish/publish packages
-    # (anyone can register by default, remember?)
-    publish: $authenticated
-    unpublish: $authenticated
-
-    # if package is not available locally, proxy requests to 'npmjs' registry
-    proxy: npmjs
-
-# To improve your security configuration and  avoid dependency confusion
-# consider removing the proxy property for private packages
-# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages
-
-# https://verdaccio.org/docs/configuration#server
-# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
-# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
-# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
-server:
-  keepAliveTimeout: 60
-  # Allow `req.ip` to resolve properly when Verdaccio is behind a proxy or load-balancer
-  # See: https://expressjs.com/en/guide/behind-proxies.html
-  # trustProxy: '127.0.0.1'
-
-# https://verdaccio.org/docs/configuration#offline-publish
-# publish:
-#   allow_offline: false
-
-# https://verdaccio.org/docs/configuration#url-prefix
-# url_prefix: /verdaccio/
-# VERDACCIO_PUBLIC_URL='https://somedomain.org';
-# url_prefix: '/my_prefix'
-# // url -> https://somedomain.org/my_prefix/
-# VERDACCIO_PUBLIC_URL='https://somedomain.org';
-# url_prefix: '/'
-# // url -> https://somedomain.org/
-# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
-# url_prefix: '/second_prefix'
-# // url -> https://somedomain.org/second_prefix/'
-
-# https://verdaccio.org/docs/configuration#security
-# security:
-#   api:
-#     legacy: true
-#     # recomended set to true for older installations
-#     migrateToSecureLegacySignature: true
-#     jwt:
-#       sign:
-#         expiresIn: 29d
-#       verify:
-#         someProp: [value]
-#    web:
-#      sign:
-#        expiresIn: 1h # 1 hour by default
-#      verify:
-#         someProp: [value]
-
-# https://verdaccio.org/docs/configuration#user-rate-limit
-# userRateLimit:
-#   windowMs: 50000
-#   max: 1000
-
-# https://verdaccio.org/docs/configuration#max-body-size
-# max_body_size: 10mb
-
-# https://verdaccio.org/docs/configuration#listen-port
-# listen:
-# - localhost:4873            # default value
-# - http://localhost:4873     # same thing
-# - 0.0.0.0:4873              # listen on all addresses (INADDR_ANY)
-# - https://example.org:4873  # if you want to use https
-# - "[::1]:4873"                # ipv6
-# - unix:/tmp/verdaccio.sock    # unix socket
-
-# The HTTPS configuration is useful if you do not consider use a HTTP Proxy
-# https://verdaccio.org/docs/configuration#https
-# https:
-#   key: ./path/verdaccio-key.pem
-#   cert: ./path/verdaccio-cert.pem
-#   ca: ./path/verdaccio-csr.pem
-
-# https://verdaccio.org/docs/configuration#proxy
-# http_proxy: http://something.local/
-# https_proxy: https://something.local/
-
-# https://verdaccio.org/docs/configuration#notifications
-# notify:
-#   method: POST
-#   headers: [{ "Content-Type": "application/json" }]
-#   endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken
-#   content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}'
-
-middlewares:
-  audit:
-    enabled: true
-
-# https://verdaccio.org/docs/logger
-# log settings
-log: { type: stdout, format: pretty, level: http }
-#experiments:
-#  # support for npm token command
-#  token: false
-#  # disable writing body size to logs, read more on ticket 1912
-#  bytesin_off: false
-#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
-#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
-#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
-#  tarball_url_redirect(packageName, filename) {
-#    const signedUrl = // generate a signed url
-#    return signedUrl;
-#  }
-
-# translate your registry, api i18n not available yet
-# i18n:
-# list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md
-#   web: en-US
diff --git a/storage/verdaccio/htpasswd b/storage/verdaccio/htpasswd
deleted file mode 100644
index 45be3e2df7..0000000000
--- a/storage/verdaccio/htpasswd
+++ /dev/null
@@ -1 +0,0 @@
-nocobase:u/b9wA2ORbux2:autocreated 2024-06-25T03:58:23.923Z