Reference secrets in stack configuration
Reference secrets in stack component attributes and settings
Some of the components in your stack require you to configure them with sensitive information like passwords or tokens, so they can connect to the underlying infrastructure. Secret references allow you to configure these components in a secure way by not specifying the value directly but instead referencing a secret by providing the secret name and key. Referencing a secret for the value of any string attribute of your stack components, simply specify the attribute using the following syntax: {{<SECRET_NAME>.<SECRET_KEY>}}
For example:
When using secret references in your stack, ZenML will validate that all secrets and keys referenced in your stack components exist before running a pipeline. This helps us fail early so your pipeline doesn't fail after running for some time due to some missing secret.
This validation by default needs to fetch and read every secret to make sure that both the secret and the specified key-value pair exist. This can take quite some time and might fail if you don't have permission to read secrets.
You can use the environment variable ZENML_SECRET_VALIDATION_LEVEL
to disable or control the degree to which ZenML validates your secrets:
Setting it to
NONE
disables any validation.Setting it to
SECRET_EXISTS
only validates the existence of secrets. This might be useful if the machine you're running on only has permission to list secrets but not actually read their values.Setting it to
SECRET_AND_KEY_EXISTS
(the default) validates both the secret existence as well as the existence of the exact key-value pair.
Fetch secret values in a step
If you are using centralized secrets management, you can access secrets directly from within your steps through the ZenML Client
API. This allows you to use your secrets for querying APIs from within your step without hard-coding your access keys:
See Also
Interact with secrets: Learn how to create, list, and delete secrets using the ZenML CLI and Python SDK.
Last updated