Skip to content

Secrets

Secrets are text payloads shared securely between the Arkindex instance and any worker. No user should have direct access to those secret values.

Example uses of secrets

You can use Arkindex secrets to store sensitive values that may give Arkindex users access to any resources that should be private, for example because they cost money or are proprietary.

Here are some common examples:

  • Third-party credentials (like Google or GitLab tokens)
  • Private settings for your workers
  • Specific configuration per instance for workers

As secrets are tied to an instance, it can also be a good way to customize a worker’s behaviour depending on the Arkindex instance.

Structure

A secret is made of two parts:

  • A name: an unique identifier that you choose (as a Machine learning developer) to identify your secret;
  • A content: the secret’s payload.

You can use 3 different formats for your secret content:

  • JSON (name ending in .json)
  • YAML (name ending .yaml)
  • Raw text (any other case)

Naming a secret

Here are some suggestions to name your secrets:

  • Use a prefix when possible:
    • private_key is too generic
    • google.json is also too generic
    • google_ocr/credentials.json is a great specific name
  • Do not use the instance’s name or definition in your secret:
    • my_project/prod/credentials.json would make no sense on a preprod instance
    • my_project/credentials.json
  • Use filename-like names:
    • Avoid My Beautiful Secret
    • Prefer my_beautiful_secret.yaml