Truss allows you to securely manage API keys, access tokens, passwords, and other secrets without exposing them in code.

1. Define Secrets in config.yaml

Add secrets with placeholder values in config.yaml:

secrets:
  hf_access_token: null
Never store actual secret values in config.yaml. Store secrets in the workspace settings.

2. Access Secrets in model.py

Secrets are passed as keyword arguments to the Model class:

def __init__(self, **kwargs):
    self._secrets = kwargs["secrets"]

Use secrets inside load or predict:

def load(self):
    self._model = pipeline(
        "fill-mask",
        model="baseten/docs-example-gated-model",
        use_auth_token=self._secrets["hf_access_token"]
    )

3. Store Secrets on Your Remote

  • On Baseten, add secrets in the workspace settings.
  • Use the exact name from config.yaml (case-sensitive).

4. Deploying with Secrets

By default, models have access to any secrets on a workspace.