Skip to main content
Secrets store API keys, passwords, and other sensitive information outside of code. Secrets are encrypted at rest (256-bit AES) and decrypted only at runtime. Secrets can be managed at both project and app levels. Project-level secrets are shared across all apps in your project, while app-level secrets are specific to an individual app. App secrets take precedence over project-wide secrets. Each secret is exposed to the app as an environment variable. Secrets are loaded on container startup. If you update a secret, you must restart your app container for the changes to take effect. 
def predict(run_id):
    print(f"Run ID: {run_id}")

    hf_token = os.environ.get("HF_TOKEN")
    logger.info(f"HF_TOKEN: {hf_token}")

    return {"result": f"Your HF_TOKEN is {hf_token}"}
Secrets are stored as strings. If your secret is a JSON payload or similar, remember to convert it to the correct format using json.loads(os.environ.get("MY_JSON_SECRET")).

Managing Secrets

Secrets are created, updated, and deleted in your dashboard. Secrets
Secrets are loaded on model start. You will need to wait for your app container to restart or deploy your app before the new secret is available.

Automatic Environment Variables

Cerebrium automatically sets the following environment variables for your app:
  • APP_NAME: The name of your application
  • HF_HOME: Set to ‘/persistent-storage/.cache/huggingface’ for caching HuggingFace models
  • PROJECT_ID: The ID of your Cerebrium project
  • BUILD_ID: The unique identifier for the current build
The app_id is a composite of PROJECT_ID + ’_’ + APP_NAME.

Local Development

For local development, use an .env file. Add the same secrets to the dashboard before deploying. 
import os
from dotenv import load_dotenv

load_dotenv()

hf_token = os.environ.get("HF_TOKEN")