Secrets#
Secrets are a core component of Kubernetes that enable you to securely store sensitive information such as usernames, passwords, API keys, or authentication tokens for external resource authentication. When you create a secret, it is stored as a base64 encoded file within the Kubernetes cluster, with the name of the secret corresponding to the name of the file.
These encoded secrets can be accessed by mounting the file into your project sessions and deployments, allowing your applications to securely retrieve and use this sensitive information without exposing it in your source code.
Note
Anaconda strongly recommends using secrets as opposed to including credentials in your project, due to the security risk associated with storing them in version control.
Creating a secret#
Open the My account dropdown menu in the top navigation, then select Settings.
Under Secrets, click Add.
Enter a Name and Value for the secret you want to store, then click Add.
Note
Because secret names are file names, they can only contain alphanumeric characters and underscores.
Secrets you create are listed here, and are stored in the /var/run/secrets/user_credentials/
directory.
Using secrets#
To use a secret in a project, you must install the ae5-tools
package in your project’s environment.
Note
The
ae5-tools
package is available from Workbench’s internal repository.If you are using an external package repository, you can pull the
ae5-tools
package from anaconda.org.If you are working in an airgapped environment, you can download the package here, then transfer it to your cluster.
Then, from within your project, add the following code:
import os from ae5_tools import load_ae5_user_secrets
This function reads all secrets stored in the /var/run/secrets/user_credentials/
directory and creates environment variables for each defined secret.
For example, let’s say you have defined the following secrets:
MLFLOW_ACCESS_SECRET = "Pa55w0rd" REDIS_ACCESS_TOKEN = "N0Haxh3r3"
From within one of your projects, you could do the following:
import os from ae5_tools import load_ae5_user_secrets mlflow_secret: str = os.environ["MLFLOW_ACCESS_SECRET"] redis_secret: str = os.environ["REDIS_ACCESS_TOKEN"] print(mlflow_secret) print(redis_secret)Tip
There are multiple ways to call environment variables! For example, you could also import the
demand_env_var
function from theae5-tools
package and call environment variables like this:import os from ae5_tools import load_ae5_user_secrets, demand_env_var mlflow_secret: str = os.environ["MLFLOW_ACCESS_SECRET"] redis_secret: str = demand_env_var("REDIS_ACCESS_TOKEN") print(mlflow_secret) print(redis_secret)
Editing a secret#
Open the My account dropdown menu in the top navigation, then select the Settings.
Open the actions dropdown menu for your secret and select Edit.
Update the Value for your secret, then click Save.
Note
If you edit the name of a secret, a new secret is created instead.
Deleting a secret#
Open the My account dropdown menu in the top navigation, then select Settings.
Open the actions dropdown menu for your secret and select Delete.
Click Delete.