Add Secrets
Secrets securely manage sensitive information, such as API keys, and allow connections to third-party service providers that require authentication. They're especially useful for handling development and production API keys or when building custom components that need to authenticate with a third-party provider.
About This Task
With secrets, you can:
- Securely manage API keys required for custom components to authenticate
- Manage both development and production API keys
Secrets create environment variables whose names you specify in the component's code to store API keys. You can create multiple secrets for one provider, such as one for a development key and another for a production key. This makes it possible to easily swap keys in the pipeline configuration.
Secrets and Connections
Both Connections and Secrets set environment variables for components. Provider connections use predefined variables, like OPENAI_API_KEY
for the OpenAIGenerator
. Secrets offer flexibility by letting you define custom variable names, which are useful for custom components or using multiple API keys for the same provider.
Add a Secret
Add a Secret on the Secrets Page
-
In deepset Cloud, click your initials in the top right corner and choose Secrets>Add New Secret.
-
Give your secret the same name as the environment variable where you want to store it.
-
Paste the API key into the Secret field and save it.
Use the Secret in Your Custom Component
Add the secret to the component's code by specifying the environment variable name, which must match the secret's name:
@component
class MyComponent
def __init__(self, api_key: Secret = Secret.from_env_var("<ENV_VAR_NAME")):
# the name of the environment variable must be the same as the name of the secret
...
If you have multiple secrets for one provider, you can easily switch between them in your pipeline YAML by updating the secret's name:
llm:
type: dc_custom_component.components.my_components.component1.MyComponent # the path to your component
init_parameters:
api_key: {"type": "env_var", "env_vars": ["ENV_VAR_NAME"], "strict": False} # uses the `ENV_VAR_NAME` secret
# to use another secret, update its name here
Updated 10 days ago