This is a Preview feature.

SingleStore Helios Secrets is a cloud service that allows you to manage and use your sensitive data (e.g., access tokens, API Keys). Instead of hard-coding your sensitive information directly in your SingleStore Notebooks or other Python environments in order to connect to your ecosystem, create a new secret and access the sensitive information by referencing the secret by name. Using secrets helps you avoid exposing or hard-coding the actual credential, key, or other sensitive information.

Manage Secrets

Each secret is a name, value pair.

You can create and manage secrets using any of the following:

  • Cloud Portal UI

  • Management API

Using the Cloud Portal

You can create, edit, delete, and share secrets in SingleStore via the Secrets tab available in the Notebooks under Develop page.

Create a Secret

To create a secret:

  1. On the Cloud Portal, from the Secrets page, select New Secret.

  2. Enter a Name and Value for the secret.

    A dialog named New Secret with two boxes to enter secret and value, respectively.
  3. Select Create Secret. The secret is added to the list of secrets displayed on the Secrets page in the Cloud Portal.

Edit a Secret

To edit a secret, select Edit from the Actions menu for the secret you want to edit. Make your changes, and select Update.

Delete a Secret

To delete a secret, select Delete from the Actions menu for the secret you want to delete. Confirm and select Delete.

Using the Management API

Use the Secrets path (/v1/secrets endpoint) in the Management API to create and manage secrets. Refer to Management API Reference for more information.

Use Secrets

You can access the secrets in SingleStore Notebooks or other Python environments using the get_secret() function from the SingleStore Python SDK without the need to install additional libraries.

SingleStore Notebooks

To read/access a secret, run the following command in your SingleStore notebook.

from import get_secret
secret = get_secret('<secret_name>')

Other Python Environments

To read/access a secret externally from other Python environments, connect to your SingleStore workspace using the Management API objects in the SingleStore Python SDK. Generate an API key for your organization on the Cloud Portal to authenticate your connection.

The following example accesses a secret named secretExample:

from singlestoredb import manage_workspaces
singlestoreAPIkey = '<your_API_key>'
org = manage_workspaces(singlestoreAPIkey).organizations.current

Share Secrets

All secrets are only accessible by the user who created the secret by default. To share a secret with other members or teams of your organization:

  1. Select Share from the Actions menu for the secret to share.

  2. From the Share <secret name> dialog, you can invite individual users or teams in the organization to have access to your secret. There are two access levels:

    • Owner: These users can edit the value of the secret, share it, and delete it.

    • Reader: These users have read-only access to the secret.

    Select a user or team from the list and then specify the access level (Owner or Reader). A secret may have more than one owner. To remove a user's or team's access to a secret, select Remove Access from the Access list.

  3. Select Save to share the secret.


  • All secrets within an organization share the same namespace. Use a unique name for your secret to avoid conflicts with identically named secrets in the organization.

  • Each secret must have at least one user with Owner access. Any secret without an Owner is automatically removed. For example, if a secret has only one owner and the owner leaves the organization, the secret gets deleted. However, it remains accessible if another user is given Owner access to the secret.

  • A Secret’s name can only contain letters, numbers, and underscores (“_") and its value must not exceed 5MB in size.


The following examples demonstrate how to securely retrieve and use a secret to access sensitive information.

Build an AWS S3 Client

The following example shows how to build an AWS S3 client in a SingleStore Notebook:

import boto3
from import get_secret
aws_access_key_id = get_secret('AWS_ACCESS_KEY_ID')
aws_secret_access_key = get_secret('AWS_SECRET_KEY')
s3_client = boto3.client('s3', aws_access_key_id = aws_access_key_id, aws_secret_access_key = aws_secret_access_key)

Use Hugging Face Token to Download an LLM

The following example shows how to download Google’s Gemma-7B model in a Python environment:

from singlestoredb import manage_workspaces
from transformers import AutoTokenizer, AutoModelForCausalLM
singlestoreAPIkey = '<your_API_key>'
org = manage_workspaces(singlestoreAPIkey).organizations.current
hf_token = org.get_secret('HF_TOKEN').value
tokenizer = AutoTokenizer.from_pretrained('google/gemma-7b',token=hf_token)
model = AutoModelForCausalLM.from_pretrained('google/gemma-7b', token = hf_token)

Last modified: May 20, 2024

Was this article helpful?