Credential management

Proper credential management is essential for authentication and interaction with 3rd-party services. Integrating with services like OpenAI, HuggingFace, or Snowflake requires users to enter secret keys associated with their accounts. Storing these keys in plain text, however, poses a security risk.

In Snorkel Flow, superadmin users can leverage the SDK to encrypt and store sensitive credentials/keys in the secret store. These tools enable superadmin users to register credentials to a specific reference key and allow all users to reference that key throughout the platform. Each key is scoped to a workspace.

Using the SDK

The SDK provides methods to set, delete, and list secrets

• secrets.set_secret(_key_, _value_, _secret_store='local_store'_, _workspace_uid=1_, _kwargs=None_) Sets the secret given a key, value, and secret_store type
  • key is the reference, and value is the actual secret
  • The secret_store variable determines what secret store you can register secrets to. Currently, only the  "local_store" option is supported
  • The workspace_uid controls which workspace the secret is registered to. Default is 1
• secrets.delete_secret(_key_, _secret_store='local_store'_, _workspace_uid=1_, _kwargs=None_) deletes the secret associated with key from the secret store
• secrets.list_secrets(_secret_store='local_store'_, _workspace_uid=1_, _kwargs=None_) Lists all the keys (i.e., references) for a workspace NOT the secrets