Secrets
On this page
SingleStore Helios Secrets is a cloud service that allows you to manage and use your sensitive data (e.
Manage Secrets
Each secret is a name, value pair.
You can create and manage secrets using any of the following:
-
Cloud Portal UI
-
Management
API
Using the Cloud Portal
You can create, edit, delete, and share secrets in SingleStore via the Secrets tab available on the Data Studio page.
Create a Secret
To create a secret:
-
On the Cloud Portal, from the Secrets tab, select New Secret.
-
Enter a Name and Value for the secret.
-
Select Create Secret.
The secret is added to the list of secrets displayed on the Secrets page in the Cloud Portal.
Edit a Secret
To edit a secret, select Edit from the Actions column for the secret you want to edit.
Delete a Secret
To delete a secret, select Delete from the Actions column for the secret you want to delete.
Using the Management API
Use the Secrets
path (/v1/secrets
endpoint) in the Management API to create and manage secrets.
Use Secrets
You can access the secrets in SingleStore Notebooks or other Python environments using the get_
function from the SingleStore Python SDK without the need to install additional libraries.
SingleStore Notebooks
To read/access a secret, run the following command in your SingleStore notebook.
from singlestoredb.management import get_secretsecret = get_secret('<secret_name>')
Other Python Environments
To read/access a secret externally from other Python environments, connect to your SingleStore workspace using the Management API objects in the SingleStore Python SDK.
The following example accesses a secret named secretExample:
from singlestoredb import manage_workspacessinglestoreAPIkey = '<your_API_key>'org = manage_workspaces(singlestoreAPIkey).organizations.currentprint(org.get_secret('secretExample').value)
Share Secrets
All secrets are only accessible by the user who created the secret by default.
-
Select Share from the Actions column for the secret to share.
-
From the Share <secret name> dialog, you can invite individual users or teams in the organization to have access to your secret.
There are two access levels: -
Owner: These users can edit the value of the secret, share it, and delete it.
-
Reader: These users have read-only access to the secret.
Select a user or team from the list and then specify the access level (Owner or Reader).
A secret may have more than one owner. To remove a user's or team's access to a secret, select Remove Access from the Access list. -
-
Select Save to share the secret.
Remarks
-
All secrets within an organization share the same namespace.
Use a unique name for your secret to avoid conflicts with identically named secrets in the organization. -
Each secret must have at least one user with Owner access.
Any secret without an Owner is automatically removed. For example, if a secret has only one owner and the owner leaves the organization, the secret gets deleted. However, it remains accessible if another user is given Owner access to the secret. -
A Secret’s name can only contain letters, numbers, and underscores (“_
") and its value must not exceed 5MB in size.
Examples
The following examples demonstrate how to securely retrieve and use a secret to access sensitive information.
Build an AWS S3 Client
The following example shows how to build an AWS S3 client in a SingleStore Notebook:
import boto3from singlestoredb.management import get_secretaws_access_key_id = get_secret('AWS_ACCESS_KEY_ID')aws_secret_access_key = get_secret('AWS_SECRET_KEY')s3_client = boto3.client('s3', aws_access_key_id = aws_access_key_id, aws_secret_access_key = aws_secret_access_key)
Use Hugging Face Token to Download an LLM
The following example shows how to download Google’s Gemma-7B model in a Python environment:
from singlestoredb import manage_workspacesfrom transformers import AutoTokenizer, AutoModelForCausalLMsinglestoreAPIkey = '<your_API_key>'org = manage_workspaces(singlestoreAPIkey).organizations.currenthf_token = org.get_secret('HF_TOKEN').valuetokenizer = AutoTokenizer.from_pretrained('google/gemma-7b',token=hf_token)model = AutoModelForCausalLM.from_pretrained('google/gemma-7b', token = hf_token)
Last modified: November 26, 2024