Storing Secrets and Environment Variables
Secrets and environment variables can be injected into the containers that run your apps.
You can manage secrets through the CLI:
$ beam secret create AWS_ACCESS_KEY ASIAY34FZKBOKMUTVV7A
=> Created secret with name: 'AWS_ACCESS_KEY'
Using Secrets
Once created, you can access a secret like an environment variable:
from beam import function
@function(secrets=["AWS_ACCESS_KEY"])
def handler():
import os
my_secret = os.environ["AWS_ACCESS_KEY"]
print(f"Secret: {my_secret}")
Passing Secrets to on_start
If your app used an on_start function, secrets can be passed to that function as well.
from beam import endpoint
def load_models():
import os
my_secret = os.environ["AWS_ACCESS_KEY"]
print("The function can read secrets:", my_secret)
@endpoint(
secrets=["AWS_ACCESS_KEY"],
on_start=load_models,
)
def handler(context):
return {}
CLI Commands
List Secrets
$ beam secret list
Name Last Updated Created
──────────────────────────────────────────────────
AWS_KEY 19 hours ago 19 hours ago
AWS_ACCESS_KEY 20 seconds ago 20 seconds ago
AWS_REGION 7 seconds ago 7 seconds ago
3 items
Create a Secret
beam secret create [KEY] [VALUE]
$ beam secret create AWS_ACCESS_KEY ASIAY34FZKBOKMUTVV7A
=> Created secret with name: 'AWS_ACCESS_KEY'
If your secret contains special characters, you may need to escape them with a
backslash. For example, a$b would need to be a\$b.
Show a Secret
beam secret create show [KEY]
$ beam secret show AWS_ACCESS_KEY
=> Secret 'AWS_ACCESS_KEY': ASIAY34FZKBOKMUTVV7A
Modify a Secret
beam secret modify [KEY] [VALUE]
$ beam secret modify AWS_ACCESS_KEY ASIAY34FZKBOKMUTVV7A
=> Modified secret 'AWS_ACCESS_KEY'
Delete a Secret
$ beam secret delete AWS_ACCESS_KEY
=> Deleted secret 'AWS_ACCESS_KEY'
