Storing Secrets

Storing Secrets and Environment Variables

Secrets and environment variables can be injected into the containers that run your apps.

You can manage secrets through the CLI:

$ beam secret create AWS_ACCESS_KEY ASIAY34FZKBOKMUTVV7A

=> Created secret with name: 'AWS_ACCESS_KEY'

Using Secrets

Once created, you can access a secret like an environment variable:

from beam import function


@function(secrets=["AWS_ACCESS_KEY"])
def handler():
    import os

    my_secret = os.environ["AWS_ACCESS_KEY"]
    print(f"Secret: {my_secret}")

Passing Secrets to `on_start`

If your app used an on_start function, secrets can be passed to that function as well.

from beam import endpoint


# This has access to secrets passed down in the handler
def load_models():
    import os

    my_secret = os.environ["AWS_ACCESS_KEY"]
    print("The function can read secrets:", my_secret)


@endpoint(
    secrets=["AWS_ACCESS_KEY"],
    on_start=load_models,
)
def handler(context):
    return {}

CLI Commands

List Secrets

beam secret list

$ beam secret list

  Name             Last Updated     Created
 ──────────────────────────────────────────────────
  AWS_KEY          19 hours ago     19 hours ago
  AWS_ACCESS_KEY   20 seconds ago   20 seconds ago
  AWS_REGION       7 seconds ago    7 seconds ago

  3 items

Create a Secret

beam secret create [KEY] [VALUE]

$ beam secret create AWS_ACCESS_KEY ASIAY34FZKBOKMUTVV7A

=> Created secret with name: 'AWS_ACCESS_KEY'

If your secret contains special characters, you may need to escape them with a backslash. For example, a$b would need to be a\$b.

Show a Secret

beam secret create show [KEY]

$ beam secret show AWS_ACCESS_KEY

=> Secret 'AWS_ACCESS_KEY': ASIAY34FZKBOKMUTVV7A

Modify a Secret

beam secret modify [KEY] [VALUE]

$ beam secret modify AWS_ACCESS_KEY ASIAY34FZKBOKMUTVV7A

=> Modified secret 'AWS_ACCESS_KEY'

Delete a Secret

beam secret delete [KEY]

$ beam secret delete AWS_ACCESS_KEY

=> Deleted secret 'AWS_ACCESS_KEY'

Was this page helpful?

GPU Acceleration Distributed Storage Volumes

On this page

Storing Secrets and Environment Variables
Using Secrets
Passing Secrets to on_start
CLI Commands
List Secrets
Create a Secret
Show a Secret
Modify a Secret
Delete a Secret

Getting Started

Customizing the Environment

Managing Data

Endpoints and Web Servers

Task Queues

Serverless Functions

Autoscaling and Concurrency

Other Topics

Self-Hosting

Resources

Security

Storing Secrets

Storing Secrets and Environment Variables

Using Secrets

Passing Secrets to `on_start`

CLI Commands

List Secrets

Create a Secret

Show a Secret

Modify a Secret

Delete a Secret

Getting Started

Customizing the Environment

Managing Data

Endpoints and Web Servers

Task Queues

Serverless Functions

Autoscaling and Concurrency

Other Topics

Self-Hosting

Resources

Security

​Storing Secrets and Environment Variables

​Using Secrets

​Passing Secrets to on_start

​CLI Commands

​List Secrets

​Create a Secret

​Show a Secret

​Modify a Secret

​Delete a Secret

Storing Secrets and Environment Variables

Using Secrets

Passing Secrets to `on_start`

CLI Commands

List Secrets

Create a Secret

Show a Secret

Modify a Secret

Delete a Secret