Very often, deployments require sensitive information such as passwords, API keys, or certificates. Tensorkube provides a built-in feature called Secrets to securely store and manage such sensitive data.

Creating a secret

To create a secret in tensorkube, you can use the following command:

tensorkube secret create SECRET_NAME KEY1=VAL1 KEY2=VAL2 KEY3=VAL3 ...

Arguments:

  • SECRET_NAME: [required]

  • KEYVALUES…: [required], Space-separated KEY=VALUE items

  • —env ENV_NAME: [optional], Environment in which the secret is created. If not specified, default environment is used.

  • —force: [optional], Overwrite the secret if it already exists.

When updating a secret, it’s important to redeploy any application that uses this secret. Failure to do so may result in inconsistencies in application behavior, as any running pods might still be using the old secret value but any new onces created will use the updated values. To ensure consistent behavior, always redeploy your applications after updating a secret.

Listing secrets

You can list out created secrets using the command:

tensorkube list secrets

Arguments:

  • —env ENV_NAME: [Optional] Specify the environment to list the secrets from. If not specified, secrets from the default environment will be listed.

Deleting secrets

You can delete a secret using the command:

tensorkube secret delete SECRET_NAME

Arguments:

  • SECRET_NAME: [Required], The name of the secret you want to delete.

  • —env ENV_NAME: [Optional], Specify the environment from which the secret should be deleted. If not specified, the secret will be deleted from the default environment.

Using secrets in deployments

You can use secrets in a deployment using the --secret flag in the deploy command. Secrets are exposed as environment variables in your deployed code.

tensorkube deploy --secret secret1 --secret secret2 ...

If you are deploying in a particular environment, make sure the secrets have also been created in that particular environment.

Example

Let’s say you create a secret with the command

tensorkube secret create secret1 KEY1=VAL1 key2=val2

And deploy your app with the command

tensorkube deploy --secret secret1

You can access these in your code as follows:

import os

VAL1 = os.environ.get("KEY1")
val2 = os.environ.get("key2")

## Use VAL1 and val2 in your code as required