Runhouse provides a convenient interface for managing your secrets in a secure manner. Secrets are stored in Vault, and never on Runhouse servers.
See Secrets in Vault for more details on using the Secrets API.
Handles cluster secrets management (reading and writing) across all major cloud providers. Secrets are securely stored in Hashicorp Vault.
Return list of all Runhouse providers (as class objects) supported out of the box.
Delete secrets credential files and use in Runhouse configs for list of specified providers. If none are provided, will delete secrets for all providers which have been enabled in the local environment.
Delete secrets from Vault for specified providers.
providers (List[str] or None) – Providers to delete from vault. If not set, will delete secrets for all providers which have been enabled in the local environment.
Delete local credentials file. If no path is provided will use the default path set for the provider.
Get all user secrets from Vault. Optionally save them down to local config files (where relevant).
Returns a list of cloud provider classes which Runhouse supports out of the box. If as_str is True, return the names of the providers as strings.
Upload all locally configured secrets into Vault. Secrets are loaded from their local config files.
~/.aws/credentials). To upload custom secrets for custom providers, see Secrets.put()
Read secrets from the Vault service for a given provider and optionally save them to their local config. If group is provided will read secrets for the specified group.
Load secret credentials for all the providers which have been configured locally, or optionally provide a list of specific providers to load. Returns a dictionary with provider name as the key and secrets dictionary as value.
Upload locally configured secrets for a specified provider into Vault. To upload custom provider secrets, include the secret param and specify the keys and values to upload.
from_env (bool) – Whether to read secrets from environment variables instead of local config files. (Default: False)
file_path (str or None) – If provided, will read secrets directly from specified file instead of default config file.
secret (dict or None) – Dict mapping provider secrets to value, if not loading from env or file.
group (str or None) – If provided, will attribute secrets to the specified group.
Save secrets for each provider to their respective local configs.
Save secrets for providers to their respective configs.
Copy secrets to the desired cluster for a list of builtin providers.
system (str or Cluster) – Cluster to send secrets to.
providers (List[str] or None) – Providers to send secrets for. If no providers are specified, will load all builtin providers that are already enabled.