Storing Secrets and Environment Variables

Secrets and environment variables can be injected into the containers that run your apps. You can manage secrets through the CLI: 
$ beam secret create AWS_ACCESS_KEY ASIAY34FZKBOKMUTVV7A

=> Created secret with name: 'AWS_ACCESS_KEY'

Using Secrets

Once created, you can access a secret like an environment variable: 
from beam import function


@function(secrets=["AWS_ACCESS_KEY"])
def handler():
    import os

    my_secret = os.environ["AWS_ACCESS_KEY"]
    print(f"Secret: {my_secret}")

Passing Secrets to on_start

If your app used an on_start function, secrets can be passed to that function as well. 
from beam import endpoint


# This has access to secrets passed down in the handler
def load_models():
    import os

    my_secret = os.environ["AWS_ACCESS_KEY"]
    print("The function can read secrets:", my_secret)


@endpoint(
    secrets=["AWS_ACCESS_KEY"],
    on_start=load_models,
)
def handler(context):
    return {}

CLI Commands

List Secrets

beam secret list

$ beam secret list

  Name             Last Updated     Created
 ──────────────────────────────────────────────────
  AWS_KEY          19 hours ago     19 hours ago
  AWS_ACCESS_KEY   20 seconds ago   20 seconds ago
  AWS_REGION       7 seconds ago    7 seconds ago

  3 items

Create a Secret

beam secret create [KEY] [VALUE]

$ beam secret create AWS_ACCESS_KEY ASIAY34FZKBOKMUTVV7A

=> Created secret with name: 'AWS_ACCESS_KEY'
If your secret contains special characters, you may need to escape them with a backslash. For example, a$b would need to be a\$b.

Show a Secret

beam secret create show [KEY]

$ beam secret show AWS_ACCESS_KEY

=> Secret 'AWS_ACCESS_KEY': ASIAY34FZKBOKMUTVV7A

Modify a Secret

beam secret modify [KEY] [VALUE]

$ beam secret modify AWS_ACCESS_KEY ASIAY34FZKBOKMUTVV7A

=> Modified secret 'AWS_ACCESS_KEY'

Delete a Secret

beam secret delete [KEY]

$ beam secret delete AWS_ACCESS_KEY

=> Deleted secret 'AWS_ACCESS_KEY'