Secrets allow you to inject secret values into your runs, such as API keys, passwords, access keys, or any other sensitive information. These secrets can be made accessible inside your run either through a mounted text file or, more typically, as an environment variable. Secrets are available across all the user’s clusters.
For example, secrets can be added as environment variables:
mcli create secret env NAME=my-super-secret-name
✔ Created environment secret: name
✔ Synced to all clusters
The above secret is now available inside your runs as the environment variable NAME with the value
Secrets can also be injected as mounted text files:
mcli create secret git-ssh ~/.ssh/my_id_rsa
Working with secrets
In this example, we create a secret, and then show how to access that within a run. First, create an environment variable secret with:
mcli create secret env SECRET_STUFF='super-secret-name'
Now, let’s run a simple “Hello World” run, except we access the injected secret in the command with echo Hello $SECRET_STUFF:
name: hello-secret-user
compute:
  gpus: 0
image: python
command: |
  echo Hello $SECRET_STUFF!
Creating a run with the above YAML should yield:
> mcli run -f hello-secret-user.yaml
i Run hello-secret-user submitted. Waiting for it to start...
i You can press Ctrl+C to quit and follow your run manually.
✔ Run hello-secret-user started
i Following run logs. Press Ctrl+C to quit.
Hello super-secret-name!
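The run above writes the secret's value into the run logs, which is fine for a demo value but not for a real credential. The following is an added example, not part of the original documentation: Python for code running inside a run that reads SECRET_STUFF from the environment, fails fast when it is missing, and masks its value in log output. `SecretRedactor` and `require_secret` are hypothetical helper names, and the value set under `__main__` is constructed.

```python
import logging
import os


class SecretRedactor(logging.Filter):
    """Logging filter that masks the values of named environment secrets."""

    def __init__(self, secret_names, env=None):
        super().__init__()
        env = os.environ if env is None else env
        # Skip unset/empty secrets: replacing "" would corrupt every message.
        # Longest first, so a secret containing another is masked whole.
        values = [env[n] for n in secret_names if env.get(n)]
        self._values = sorted(values, key=len, reverse=True)

    def redact(self, text):
        for value in self._values:
            text = text.replace(value, "[REDACTED]")
        return text

    def filter(self, record):
        # Render the message first so secrets passed as %-args are caught too.
        record.msg = self.redact(record.getMessage())
        record.args = None
        return True


def require_secret(name, env=None):
    """Return the injected secret, failing fast if it is absent from the run."""
    env = os.environ if env is None else env
    value = env.get(name, "")
    if not value:
        raise RuntimeError(f"secret env var {name} is not set in this run")
    return value


if __name__ == "__main__":
    # Constructed value standing in for what the platform injects.
    os.environ.setdefault("SECRET_STUFF", "super-secret-name")
    handler = logging.StreamHandler()
    handler.addFilter(SecretRedactor(["SECRET_STUFF"]))
    log = logging.getLogger("run")
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    log.info("Hello %s!", require_secret("SECRET_STUFF"))  # Hello [REDACTED]!
```

The filter only covers records that pass through the handler it is attached to; output written with print or by subprocesses is not masked.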
Secrets are not modifiable by design. To change an existing secret, delete it first and then re-create it:
mcli delete secret secret-stuff
mcli create secret env SECRET_STUFF='super-secret-name2'
You can get all of your secrets using:
mcli get secrets
Automatically mounted secrets
Access to the MosaicML platform inside your run is automatically configured with your user’s permissions. You can use this to interact with the platform via the SDK or CLI. For example, you can launch a run inside a run or make updates to the existing run.