Secrets
Interface for managing secrets stored in the Datatailr platform.
Secrets are sensitive key-value pairs (passwords, API keys, tokens, etc.) that are stored securely and scoped to the current environment (dev/pre/prod). Access is controlled by per-secret ACLs.
Example
from datatailr import Secrets
secrets = Secrets()
db_password = secrets.get("database_password")
all_secrets = secrets.ls()
get(key)
Retrieve a secret value by its key. Only secrets that are available at the current environment (dev/pre/prod) can be accessed. The user must have the appropriate permissions to access the secret.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
key
|
str
|
The key of the secret to retrieve. |
required |
Returns:
| Name | Type | Description |
|---|---|---|
str |
str
|
The value of the secret. |
Example:
from datatailr import Secrets
secrets = Secrets()
db_password = secrets.get("database_password")
ls()
List all available secret keys in the current environment (dev/pre/prod). The user must have the appropriate permissions to list the secrets.
Returns:
| Type | Description |
|---|---|
list[dict[str, str | ACL]]
|
list[dict[str, str|ACL]]: A list of all secret keys along with their ACLs. |
Example:
from datatailr import Secrets
secrets = Secrets()
all_secrets = secrets.ls()
set_env(secret_name, env_var_name=None, overwrite=False)
Set the environment variable for the secret.
Note: Environment variables can be read by subprocesses and may be surfaced in logs or crash dumps; only use this for secrets you are comfortable exposing to the current process environment.
If env_var_name is not provided, it will be derived from the secret name by replacing slashes with underscores and converting to uppercase. Args: secret_name (str): The name of the secret to set the environment variable for. env_var_name (str | None): The name of the environment variable to set. overwrite (bool): Whether to overwrite the environment variable if it already exists.
Returns:
| Name | Type | Description |
|---|---|---|
str |
str
|
The name of the environment variable that was set. |
Example:
>>> from datatailr import Secrets
>>> secrets = Secrets()
>>> env_var_name = secrets.set_env("db/password", "DB_PASSWORD") # doctest: +SKIP
>>> print(env_var_name) # doctest: +SKIP
DB_PASSWORD