Skip to content

Use secrets in your worker

Overview

Secrets are text payloads shared securely between the Arkindex instance and any worker. It is generally used to store sensitive values that may give Arkindex users access to any resources that should be private, for example because they cost money or are proprietary.

For more information about secrets, please visit the Arkindex documentation.

Accessing secrets in the API

Since Arkindex 0.14.2, an API endpoint is available to retrieve secrets called RetrieveSecret. The endpoint cannot be accessed by regular users, but machine learning workers and administrators can use it.

Declaring secrets in workers

Declaring a secret in your worker allows our base worker package to retrieve the secret for you, and causes it to fail when the secret is missing from the Arkindex instance.

To declare a secret

  1. Add the secret’s name to the secrets section of a worker in the .arkindex.yml file:
---
version: 2

workers:
 - slug: my_worker
   name: My nice worker
   configuration:
     threshold: 21.3

   # Declare your secrets as below, only specifying their name
   secrets:
     - project/tool/credentials.json

For more information on the .arkindex.yml file, see YAML configuration.

Accessing secrets in Python code

Declared secrets will be made available to Worker classes as the self.secrets attribute, a Python dict mapping secret names to unencrypted secret content.

To access a secret in Python code

  1. Anywhere in the code, use self.secrets["my_secret_name"], where my_secret_name is the name of the secret.