Security
Best practices for secrets
Securely store and access passwords, tokens, keys, and more
Store sensitive credentials like API keys and passwords using the secrets dashboard.
- Secrets are stored as key-value pairs (name → token).
- Naming rules: Non-alphanumeric characters are treated the same (e.g., hf_access_token and hf-access-token are identical). Creating a new secret with a similar name overwrites the existing one.
- Changes to secrets immediately affect all models using them.
Any model deployed to a workspace will have access to any secrets specified on the workspace.
Using secrets in Truss
1. Add the secret name to config.yaml, setting the value to null:
config.yaml
Never set the actual value of the secret in config.yaml or any other file that gets committed to your codebase.
2. Access secrets in model.py:
model/model.py
3. Use secrets in load or predict:
model/model.py
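An added example, not part of the Truss documentation: a check to run before committing that flags any entry under secrets in config.yaml whose value is not null, and any pair of names that the naming rule above would treat as identical. The sample config, the function names, and the way the naming rule is modeled (every non-alphanumeric character mapped to one symbol) are assumptions.

```python
import re

# Constructed sample config.yaml (not taken from the page).
SAMPLE_CONFIG = """\
model_name: demo
secrets:
  hf_access_token: null
  hf-access-token: null
  api_key: "PLACEHOLDER-not-a-real-key"
  db_password: ~
resources:
  use_gpu: false
"""

NULL_VALUES = {"", "~", "null", "Null", "NULL"}

def parse_secrets(text):
    """Return [(name, raw_value)] from the top-level secrets mapping (flat reader, not full YAML)."""
    entries, in_block = [], False
    for line in text.splitlines():
        body = line.split(" #")[0].rstrip()
        if not body.strip() or body.lstrip().startswith("#"):
            continue
        if not body[0].isspace():  # a top-level key starts or ends the block
            in_block = body == "secrets:"
            continue
        if in_block and ":" in body:
            name, _, value = body.strip().partition(":")
            entries.append((name.strip().strip("'\""), value.strip()))
    return entries

def normalize(name):
    # Assumed model of the naming rule: any non-alphanumeric character is equivalent.
    return re.sub(r"[^A-Za-z0-9]", "_", name)

def audit(text):
    """Flag secrets with an inline value and names that collide once normalized."""
    findings, seen = [], {}
    for name, value in parse_secrets(text):
        if value not in NULL_VALUES:
            findings.append(("inline-value", name))
        first = seen.setdefault(normalize(name), name)
        if first != name:
            findings.append(("name-collision", f"{first} / {name}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_CONFIG):
        print(f"{kind}: {detail}")
```

A non-empty result from audit is a reason to block the commit: an inline value means a credential is about to land in version control, and a collision means one dashboard secret would overwrite the other.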