Runhouse provides a convenient interface for managing your secrets in a secure manner. Secrets are stored in Vault, and never on Runhouse servers.
See the Accessibility API tutorial for more details on using the Secrets API.
Builds an instance of Secret
.
name (str, optional) – Name to assign the secret resource.
values (Dict, optional) – Dictionary of secret key-value pairs.
dryrun (bool, optional) – Whether to create in dryrun mode. (Default: False)
The resulting Secret object.
Example
>>> rh.secret("in_memory_secret", values={"secret_key": "secret_val"})
Builds an instance of ProviderSecret
. At most one of values, path, and env_vars
can be provided, to maintain one source of truth. If None are provided, will infer the values
from the default path or env vars for the given provider.
provider (str) – Provider corresponding to the secret. Currently supported options are: [“aws”, “azure”, “huggingface”, “lambda”, “github”, “gcp”, “ssh”]
name (str, optional) – Name to assign the resource. If none is provided, resource name defaults to the provider name.
values (Dict, optional) – Dictionary mapping of secret keys and values.
path (str or Path, optional) – Path where the secret values are held.
env_vars (Dict, optional) – Dictionary mapping secret keys to the corresponding environment variable key.
dryrun (bool) – Whether to creat in dryrun mode. (Default: False)
The resulting provider secret object.
Example
>>> aws_secret = rh.provider_secret("aws") >>> gcp_secret = rh.provider("gcp", path="~/.gcp/credentials") >>> lamdba_secret = rh.provider_secret("lambda", values={"api_key": "xxxxx"})
- __init__(name: str | None, values: Dict | None = None, dryrun: bool = False, **kwargs)[source]
Runhouse Secret object.
Note
To create a Secret, please use one of the factory methods.
Return list of all Runhouse providers (as class objects) supported out of the box.
Delete the secret config from Den and from Vault/local.
Create a Secret object from a config dictionary.
Load existing Secret via its name.
Whether the secret config is stored locally (as opposed to Vault).
Whether the secret is stored in Vault
Save the secret config to Den. Save the secret values into Vault if the user is logged in, or to local if not or if the resource is a local resource. If a folder is specified, save the secret to that folder in Den (e.g. saving secrets for a cluster associated with an organization).
Return a copy of the secret on a system.
system (str or Cluster) – Cluster to send the secret to
name (str, ooptional) – Name to assign the resource on the cluster.
Example
>>> secret.to(my_cluster, path=secret.path)
Get secret names that are stored in Vault
- __init__(name: str | None = None, provider: str | None = None, values: Dict | None = None, path: str | None = None, env_vars: Dict | None = None, dryrun: bool = False, **kwargs)[source]
Provider Secret class. Built-in provider classes contain default path and/or environment variable mappings, based on it’s expected usage.
Currently supported built-in providers: anthropic, aws, azure, gcp, github, huggingface, lambda, langchain, openai, pinecone, ssh, sky, wandb.
Note
To create a ProviderSecret, please use the factory method
provider_secret()
.
Delete the secret config from Den and from Vault/local. Optionally also delete contents of secret file or env vars.
Create a ProviderSecret object from a config dictionary.
Save the secret config to Den. Save the secret values into Vault if the user is logged in, or to local if not or if the resource is a local resource. If a folder is specified, save the secret to that folder in Den (e.g. saving secrets for a cluster associated with an organization).
Return a copy of the secret on a system.
system (str or Cluster) – Cluster to send the secret to
path (str or Path, optional) – Path on cluster to write down the secret values to. If not provided and secret is not already associated with a path, the secret values will not be written down on the cluster.
env (str or Env, optional) – Env to send the secret to. This will save down the secrets as env vars in the env.
values (bool, optional) – Whether to save down the values in the resource config. By default, save down values if the secret is not being written down to a file or environment variable. Otherwise, values are not written down. (Default: None)
name (str, ooptional) – Name to assign the resource on the cluster.
Example
>>> secret.to(my_cluster, path=secret.path)
Bases: ProviderSecret
Note
To create an AWSSecret, please use the factory method provider_secret()
with provider="aws"
.
Bases: ProviderSecret
Note
To create an AzureSecret, please use the factory method provider_secret()
with provider="azure"
.
Bases: ProviderSecret
Note
To create a GCPSecret, please use the factory method provider_secret()
with provider="gcp"
.
Bases: ProviderSecret
Note
To create a GitHubSecret, please use the factory method provider_secret()
with provider="github"
.
Bases: ProviderSecret
Note
To create a HuggingFaceSecret, please use the factory method provider_secret()
with
provider="huggingface"
.
Bases: ProviderSecret
Note
To create a LambdaSecret, please use the factory method provider_secret()
with provider="lambda"
.
Bases: ProviderSecret
Note
To create a SSHSecret, please use the factory method provider_secret()
with provider="ssh"
.
Bases: SSHSecret
Note
To create a SkySecret, please use the factory method provider_secret()
with provider="sky"
.
Bases: ApiKeySecret
Note
To create an AnthropicSecret, please use the factory method provider_secret()
with provider="anthropic"
.
Bases: ApiKeySecret
Note
To create an CohereSecret, please use the factory method provider_secret()
with provider="cohere"
.
Bases: ApiKeySecret
Note
To create an LangChainSecret, please use the factory method provider_secret()
with provider="langchain"
.
Bases: ApiKeySecret
Note
To create an OpenAISecret, please use the factory method provider_secret()
with provider="openai"
.
Bases: ApiKeySecret
Note
To create an PineconeSecret, please use the factory method provider_secret()
with provider="pinecone"
.
Bases: ApiKeySecret
Note
To create an WandBSecret, please use the factory method provider_secret()
with provider="wandb"
.