Jump to content

Secret Mangement Best Practices

Go to solution Solved by Alberto Rivas,

Recommended Posts

These are two options I have used:

  • Use a .env file, don't give many people access to the datalab project (don't use the corporate folder)
    • Advantage is that you can use github and share notebooks manually, no secrets stored in notebooks
    • Disadvantage is that nobody else can see or use the project unless you want them to have the secrets. (and seeq admins)
  • Misuse the seeq "AccessKeys" API- Create a new seeq access key with the API secret in the name or description of the key (the seeq access key isn't needed)
    • Advantage is that secrets would only be available and viewable to individual user (and seeq admins)
    • Disadvantage is that it is using something in a non-standard way, which means it might stop working after an upgrade.

I think the .env is really the only way to go for now?


Link to comment
Share on other sites

  • Seeq Team
  • Solution

Hi Ivan,
What is the intent here? For example, do you want other users to only execute the code without making any changes to the notebook or potentially not even seeing the code (and the secrets)? or are you expecting other users to take your notebook as a starting point and make their changes?

If it's the former, we are in the process of preparing documentation to provide some guidance. More to come on this in a few weeks.

If it's the latter, the typical approach is what you describe with a `.env` file. As you mentioned, you don't store any secrets in the notebook but expect other users to create their own `.env` file with their own credentials. Typically, you can also commit an example `env` file to the repo to show what is expected in the file. 

Link to comment
Share on other sites

I really like the idea putting nearly everything on the corporate drive (in an organized fashion), it means that if I leave the company or move to a new responsibility, I'm not taking all the things I built with me in my personal drive. The intent would be that this can be done without sharing the secret with everyone that has access to the notebook.

I look forward to the documentation you are coming up with, it sounds close to what I am trying to do.


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...