# Secrets SingleStore Helios Secrets is a cloud service that allows you to manage and use your sensitive data (e.g., access tokens, API Keys). Instead of hard-coding your sensitive information directly in your SingleStore Notebooks or other Python environments in order to connect to your ecosystem, create a new secret and access the sensitive information by referencing the secret by name. Using secrets helps you avoid exposing or hard-coding the actual credential, key, or other sensitive information. > **📝 Note**: SingleStore does not have a direct connector to integrate AWS Secrets Manager. If you are deploying on AWS, you should use Helios, where secrets are automatically handled securely on AWS. ## Manage Secrets Each secret is a name, value pair. You can create and manage secrets using any of the following: * Cloud Portal UI * `Management` API ## Using the Cloud Portal You can create, edit, delete, and share secrets in SingleStore via the **Secrets** tab available on the **Editor** page. ## Create a Secret To create a secret: 1. On the Cloud Portal, select **Editor > Secrets**. 2. On the **Secrets** tab, select **New Secret**. 3. Enter a **Name** and **Value** for the secret. ![A dialog named New Secret with two boxes to enter secret and value, respectively.](https://images.contentstack.io/v3/assets/bltac01ee6daa3a1e14/blt72622255a2d18341/6a3549c814127af125a6eb53/secretsS2-4xzqKO.png) 4. Select **Create Secret**. The secret is added to the list of secrets displayed on the **Secrets** page in the Cloud Portal. ## Edit a Secret To edit a secret, select **Edit** from the **Actions** column for the secret you want to edit. Make your changes, and select **Update**. ## Delete a Secret To delete a secret, select **Delete** from the **Actions** column for the secret you want to delete. Confirm and select **Delete**. ## Using the Management API Use the `Secrets` path (`/v1/secrets` endpoint) in the [Management API](https://docs.singlestore.com/cloud/reference/management-api.md) to create and manage secrets. Refer to [Management API Reference](https://docs.singlestore.com/cloud/reference/management-api/reference.md) for more information. ## Use Secrets You can access the secrets in SingleStore Notebooks or other Python environments using the `get_secret()` function from the [SingleStore Python SDK](https://singlestoredb-python.labs.singlestore.com/index.html) without the need to install additional libraries. ## SingleStore Notebooks To read/access a secret, run the following command in your notebook. ```Python from singlestoredb.management import get_secret secret = get_secret('') ``` ## Other Python Environments To read/access a secret externally from other Python environments, connect to your SingleStore workspace using the Management API objects in the SingleStore Python SDK. [Generate an API key](https://docs.singlestore.com/cloud/reference/management-api/#section-idm4495199953840032756423936306.md) for your organization on the [Cloud Portal](https://portal.singlestore.com/) to authenticate your connection. The following example accesses a secret named **secretExample**: ```Python from singlestoredb import manage_workspaces singlestoreAPIkey = '' org = manage_workspaces(singlestoreAPIkey).organizations.current print(org.get_secret('secretExample').value) ``` ## Share Secrets All secrets are only accessible by the user who created the secret by default. To share a secret with other members or teams of your organization: 1. Select **Share** from the **Actions** column for the secret to share. 2. From the **Share \** dialog, you can invite individual users or teams in the organization to have access to your secret. There are two access levels: * **Owner**: These users can edit the value of the secret, share it, and delete it. * **Reader**: These users have read-only access to the secret. Select a user or team from the list and then specify the access level (**Owner** or **Reader**). A secret may have more than one owner. To remove a user's or team's access to a secret, select **Remove Access** from the **Access** list. 3. Select **Save** to share the secret. ## Remarks * All secrets within an organization share the same namespace. Use a unique name for your secret to avoid conflicts with identically named secrets in the organization. * Each secret must have at least one user with Owner access. Any secret without an Owner is automatically removed. For example, if a secret has only one owner and the owner leaves the organization, the secret gets deleted. However, it remains accessible if another user is given Owner access to the secret. * A Secret’s name can only contain letters, numbers, and underscores (“\_") and its value must not exceed 5MB in size. ## Examples The following examples demonstrate how to securely retrieve and use a secret to access sensitive information. ## Build an AWS S3 Client The following example shows how to build an AWS S3 client in a notebook: ```Python import boto3 from singlestoredb.management import get_secret aws_access_key_id = get_secret('AWS_ACCESS_KEY_ID') aws_secret_access_key = get_secret('AWS_SECRET_KEY') s3_client = boto3.client('s3', aws_access_key_id = aws_access_key_id, aws_secret_access_key = aws_secret_access_key) ``` ## Use Hugging Face Token to Download an LLM The following example shows how to download Google’s Gemma-7B model in a Python environment: ```Python from singlestoredb import manage_workspaces from transformers import AutoTokenizer, AutoModelForCausalLM singlestoreAPIkey = '' org = manage_workspaces(singlestoreAPIkey).organizations.current hf_token = org.get_secret('HF_TOKEN').value tokenizer = AutoTokenizer.from_pretrained('google/gemma-7b',token=hf_token) model = AutoModelForCausalLM.from_pretrained('google/gemma-7b', token = hf_token) ``` *** Modified at: November 21, 2025 Source: [/cloud/developer-resources/secrets/](https://docs.singlestore.com/cloud/developer-resources/secrets/) (An index of the documentation is available at /llms.txt)