Managing secrets

CaraML provides capability for storing user's secret in the platform. The secret can be used by the user within CaraML workload such as batch prediction, router deployment, and pipeline. The secret is stored within a secret storage which can be configured in CaraML deployment.

Creating Secret

To create a secret, user can visit the project settings page and click the "Secret" tab.

The secret tab will show the list of secret that has been created for the project. User can click the "Create Secret" button to create a new secret.

Configuring Default Secret Storage

By default, a CaraML installation will use internal secret storage. The internal secret storage is a simple key-value store that is stored in the database. For a more secure secret storage, CaraML can be configured to use external secret storage such as Hashicorp Vault. To configure the default secret storage, user can specify defaultSecretStorage configuration when deploying the MLP component. Currently, the supported secret storage is internal and vault.

For example following configuration will configure CaraML to use Hashicorp Vault as the default secret storage.

  defaultSecretStorage:
    name: vault
    type: vault
    config:
      vaultConfig:
        url: https://localhost:8200
        role: my-role
        mountPath: secret
        pathPrefix: caraml-secret/{{ .Project }}/
        authMethod: gcp
        gcpAuthType: gce

Below table shows the list of supported configuration when using vault secret storage.

Vault Configurations

PreviousCreate a project NextFeature Store

Last updated 1 year ago