Secret
Package: flyte
Secrets are used to inject sensitive information into tasks or image build context. Secrets can be mounted as environment variables or files. The secret key is the name of the secret in the secret store. The group is optional and maybe used with some secret stores to organize secrets. The secret_mount is used to specify how the secret should be mounted. If the secret_mount is set to “env” the secret will be mounted as an environment variable. If the secret_mount is set to “file” the secret will be mounted as a file. The as_env_var is an optional parameter that can be used to specify the name of the environment variable that the secret should be mounted as.
Example:
@task(secrets="my-secret")
async def my_task():
# This will be set to the value of the secret. Note: The env var is always uppercase, and - is replaced with _.
os.environ["MY_SECRET"]
@task(secrets=Secret("my-openai-api-key", as_env_var="OPENAI_API_KEY"))
async def my_task2():
os.environ["OPENAI_API_KEY"]TODO: Add support for secret versioning (some stores) and secret groups (some stores) and mounting as files.
class Secret(
key: str,
group: typing.Optional[str],
mount: pathlib._local.Path | None,
as_env_var: typing.Optional[str],
)| Parameter | Type | Description |
|---|---|---|
key |
str |
The name of the secret in the secret store. |
group |
typing.Optional[str] |
The group of the secret in the secret store. |
mount |
pathlib._local.Path | None |
Use this to specify the path where the secret should be mounted. TODO: support arbitrary mount paths. Today only “/etc/flyte/secrets” is supported |
as_env_var |
typing.Optional[str] |
The name of the environment variable that the secret should be mounted as. |
Methods
| Method | Description |
|---|---|
stable_hash() |
Deterministic, process-independent hash (as hex string). |
stable_hash()
def stable_hash()Deterministic, process-independent hash (as hex string).