Implementation:Bentoml BentoML Secret DataClass
| Knowledge Sources | |
|---|---|
| Domains | Cloud API, Secrets Management |
| Last Updated | 2026-02-13 15:00 GMT |
Overview
Defines the Secret data class and SecretAPI client for managing BentoCloud secrets through CRUD operations including create, read, update, and delete.
Description
The secret module provides two main classes:
- Secret -- An attrs-based data class extending SecretSchema. It adds a created_by field and provides to_dict (via bentoml_cattr) and to_yaml methods for serialization. The from_secret_schema class method converts a SecretSchema REST API response into a Secret instance, mapping name, uid, resource_type, labels, timestamps, creator, description, content, and cluster fields.
- SecretAPI -- An attrs-based API client wrapper that communicates with the BentoCloud REST API through a RestApiClient. It provides five operations:
- list(search) -- Lists all secrets, optionally filtered by a search string.
- create(name, type, cluster, description, path, key_vals, stage) -- Creates a new secret with content defined by type, optional path, and key-value pairs wrapped in SecretContentSchema and SecretItem objects.
- get(name, cluster) -- Retrieves a specific secret by name and optional cluster.
- update(name, type, cluster, description, path, key_vals, stage) -- Updates an existing secret using UpdateSecretSchema.
- delete(name, cluster) -- Deletes a secret by name, raising ValueError if name is None.
Usage
Use this module to programmatically manage BentoCloud secrets such as API keys, database credentials, and environment variables that need to be securely stored and accessed by deployed services.
Code Reference
Source Location
- Repository: Bentoml_BentoML
- File: src/bentoml/_internal/cloud/secret.py
- Lines: 1-160
Signature
@attr.define
class Secret(SecretSchema):
created_by: str
def to_dict(self) -> dict[str, t.Any]: ...
def to_yaml(self) -> str: ...
@classmethod
def from_secret_schema(cls, secret_schema: SecretSchema) -> Secret: ...
@attr.define
class SecretAPI:
_client: RestApiClient
def list(self, search: str | None = None) -> t.List[Secret]: ...
def create(self, name: str, type: str, cluster: str | None = None, description: str | None = None, path: str | None = None, key_vals: t.List[t.Tuple[str, str]] = [], stage: str | None = None) -> Secret: ...
def get(self, name: str, cluster: str | None = None) -> Secret: ...
def update(self, name: str, type: str, cluster: str | None = None, description: str | None = None, path: str | None = None, key_vals: t.List[t.Tuple[str, str]] = [], stage: str | None = None) -> Secret: ...
def delete(self, name: str | None = None, cluster: str | None = None) -> None: ...
Import
from bentoml._internal.cloud.secret import Secret, SecretAPI
I/O Contract
Inputs
| Name | Type | Required | Description |
|---|---|---|---|
| name | str | Yes | Name of the secret |
| type | str | Yes | Type of the secret (for create/update) |
| cluster | str or None | No | Target cluster name |
| description | str or None | No | Description of the secret |
| path | str or None | No | File path associated with the secret |
| key_vals | List[Tuple[str, str]] | No | Key-value pairs forming the secret content |
| stage | str or None | No | Deployment stage identifier |
| search | str or None | No | Search filter string (for list) |
Outputs
| Name | Type | Description |
|---|---|---|
| Secret | Secret | A single secret object with all metadata and content |
| List[Secret] | List[Secret] | List of secret objects (from list operation) |
| None | None | Returned by delete operation |
Usage Examples
from bentoml._internal.cloud.secret import SecretAPI
# Assuming a configured REST API client
api = SecretAPI(client=rest_client)
# List all secrets
secrets = api.list()
for secret in secrets:
print(secret.name, secret.created_by)
# Create a new secret
new_secret = api.create(
name="db-credentials",
type="env",
description="Database connection credentials",
key_vals=[("DB_HOST", "localhost"), ("DB_PASS", "secret123")],
)
# Get a specific secret
secret = api.get(name="db-credentials")
print(secret.to_yaml())
# Update a secret
updated = api.update(
name="db-credentials",
type="env",
key_vals=[("DB_HOST", "production-host"), ("DB_PASS", "new-secret")],
)
# Delete a secret
api.delete(name="db-credentials")
Related Pages
Page Connections
Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment