Secrets provide a way to store confidential data on Neu.ro, be it passwords, access keys, tokens, etc. You can use secrets in jobs to securely access some external services. Neu.ro secrets are based Kubernetes secrets. You can manage secrets both through Neu.ro CLI and the Web UI.
To create a secret from the Neu.ro CLI, use the
neuro secret add command:
> neuro secret add secret-password p@$$w0rd123
This will create a secret with a key secret-password and a value of p@$$w0rd123.
You can also point to an existing file with the required value when creating a secret by using the
> neuro secret add secret-password @path/to/secret/file.txt
To create a secret from the Neu.ro Web UI:
Log in to Neu.ro
Go to the Secrets tab:
Enter the secret's name, value, and click Save:
The new secret will be added to the list of your secrets:
There are two ways to use secrets in jobs - as a file and as an environment variable. Let's look how to do this in the CLI and in the Web UI.
To use a secret as a file in your job, provide its location in a
--volume parameter when running a job. For example:
To use a secret as an environment variable, declare it through the
--env parameter when running a job:
Now, depending on which method you chose, you can access the secret from within your job by either referring to its location
/var/secrets/secret-password.txt or reading the value of the
mypass environment variable.
To use a secret through the Web UI:
Log in to Neu.ro
On your dashboard, click RUN A JOB on a widget you want to work with. We'll use Terminal in this example:
In the newly-opened window, click ADD NEW SECRET:
Select the type of secret you want to use and the secret's key from the drop-down list. Then, depending on the type of secret you selected, enter the name of the environment variable or the path to the secret's file:
When ready, click RUN. You will be able to use the secret within a job run in this way.
You can share secrets through the CLI by using the
neuro acl grant command. The syntax is
neuro acl grant secret:<key> <username> <access-level>. For example:
> neuro acl grant secret:secret-password bob read
This will give Bob the access to use the
secret-password secret in their jobs.
You can also use the
neuro share command as an alias for
neuro acl grant:
> neuro share secret:secret-password bob
Keep in mind that, at this point in time, secret sharing is implemented in such a way that Bob won't be able to see this secret in their list of secrets when running
neuro secret ls. To check if they have access rights to use this secret, Bob will need to run
neuro acl list and search the output for the corresponding secret's URI. For example, if the secret was created by Alice, the URI will look like this:
To delete a secret, run the
neuro secret rm command:
> neuro secret rm secret-password
To check that the secret was removed, run the
neuro secret ls command to list all your current secrets:
> neuro secret lsKEY╶─────────────╴aws-keygcp-keywandb-token
Go to the Secrets tab.
Click the trash bin icon to the right of the secret you want to delete:
Click the check mark icon to confirm the changes: