You may want to use API keys, passwords, or other sensitive information in your app, but you don’t want them stored in your code. In this case, it’s best to use Secrets. Secrets are stored encrypted (256-bit Advanced Encryption Standard (AES)) and are only decrypted when your app runs.

Secrets are shared across all apps in your project.

Adding a secret will make the value available to your app as an environment variable.

Secrets are loaded on container startup. If you update a secret, you must restart your app container for the changes to take effect.

def predict(run_id):
    print(f"Run ID: {run_id}")

    hf_token = os.environ.get("HF_TOKEN")
    logger.info(f"HF_TOKEN: {hf_token}")

    return {"result": f"Your HF_TOKEN is {hf_token}"}

Secrets are stored as strings. If your secret is a JSON payload or similar, remember to convert it to the correct format using json.loads(os.environ.get("MY_JSON_SECRET")).

Managing Secrets

Secrets are created, updated, and deleted in your dashboard.

Secrets are loaded on model start. You will need to wait for your app container to restart or deploy your app before the new secret is available.

Local Development

When developing locally, you can use an .env file to store your secrets. Later, you can add these secrets to your project from the dashboard.

import os
from dotenv import load_dotenv

load_dotenv()

hf_token = os.environ.get("HF_TOKEN")
Security & Data PrivacyDecrease Model Loading Time