Secrets

Secrets are text payloads shared securely between the Arkindex instance, users with rights and any worker.

Example uses of secrets

You can use Arkindex secrets to store sensitive values that may give Arkindex users access to any resources that should be private, for example because they cost money or are proprietary.

Secrets are only visible to users with at least guest access. Their decrypted contents are only visible to users with at least a contributor access.

Here are some common examples of secrets:

• Third-party credentials (like Google or GitLab tokens)
• Private settings for your workers
• Specific configuration per instance for workers

As secrets are tied to an instance, it can also be a good way to customize a worker’s behaviour depending on the Arkindex instance.

Structure

A secret is made of two parts:

• A name: an unique identifier that you choose (as a Machine learning developer) to identify your secret;
• A content: the secret’s payload.

You can use 3 different formats for your secret content:

• JSON (name ending in .json)
• YAML (name ending .yaml)
• Raw text (any other case)

Naming a secret

Here are some suggestions to name your secrets:

• Use a prefix when possible:
  • private_key is too generic
  • google.json is also too generic
  • google_ocr/credentials.json is a great specific name
• Do not use the instance’s name or definition in your secret:
  • my_project/prod/credentials.json would make no sense on a preprod instance
  • my_project/credentials.json
• Use filename-like names:
  • Avoid My Beautiful Secret
  • Prefer my_beautiful_secret.yaml