Secrets
Shakudo secrets refer to a Kubernetes object (secret) used to store sensitive information such as passwords, OAuth tokens, and SSH keys. Secrets are typically stored within the cluster in a base64-encoded format and can be mounted into containers as files or be exposed to containers as environment variables. You can seamlessly integrate Google or AWS Key Management Services, Azure Key Vault or Hashicorp Vault as backend and use it as Shakudo secrets.
Within the Shakudo environment, you can create a secret and mount it to your sessions, jobs, or services. The sections below discuss how to create a secret and add those to the Shakudo environment and access them.
How to create a secret?
Go to the secrets tab on the Shakudo dashboard and click on "Create Secret" on the top right corner.
Add the name and description of the secret. Note: The name should not contain blank space or underscore, since it's a mount directory name when you attach a secret to jobs/sessions.
Adding a purpose: A secret created by a user is often used in the microservice or within sessions. So, adding a purpose allows users to scope the usage of the secret to a job or session or both.
Development
refers tosessions
which creates a secret in thehyperplane-jhub
namespace and can only be used in sessions.Workloads
refers tojobs/microservice
which creates a secret in thehyperplane-pipelines
namespace and can only be used in microservices.Workloads & Development
helps create a secret in both of the above namespaces and can be used in all ofSessions
,Jobs
andMicroservices
.
How to access a secret in your code?
You can access the secret attached to your code via the mount directory
.
For example,
- if you create a secret
minio-creds
with the key asusername
and values asHelloWorld
then it will be mounted at/etc/hyperplane/secrets/minio-creds/username
file.
Alternatively, you can access secrets with environment variables.
HYPERPLANE_CUSTOM_SECRET_KEY_USERNAME
The key which you define will be added as an environment variable with the prefix HYPERPLANECUSTOM_SECRET_KEY.
pyshakudo
to manage secrets.
Shakudo offers a Python client pyshakudo to manage Shakudo resources. Note: This is still under development and currently capable of managing secrets.
pip install --index-url http://pypiserver-pypiserver.hyperplane-pypiserver.svc.cluster.local:8080/simple/ --trusted-host pypiserver-pypiserver.hyperplane-pypiserver.svc.cluster.local pyshakudo==0.1.0
Contact the Shakudo team to get access.
In your Python code, use this package to dynamically operate on the secrets.
# Example code to use pyshakudo to operate on Shakudo secrets in your sessions or microservice.
from pyshakudo.secrets import ShakudoSecretsManager
def main():
# Initialize the ShakudoSecretsManager with in-cluster configuration
manager = ShakudoSecretsManager()
# Get a specific secret
print("Getting specific secret...")
secret_name = "test-secret"
secret = manager.get_secret(secret_name)
print("Retrieved Secret Data:", secret.data)
if __name__ == "__main__":
main()
tsshakudo
to manage secrets in your typescript code.
tsshakudo is a npm package developed by shakudo team to manage shakudo secrets in your node code. Note: This is still under development and currently capable to managing secrets.
npm install npm install tsshakudo@0.1.0
import { ShakudoSecretsManager } from 'tsshakudo';
const main = async () => {
// Initialize the secrets manager with the default namespace and in-cluster config
const secretsManager = new ShakudoSecretsManager('hyperplane-jhub');
// Get the created secret
const fetchedSecret = await secretsManager.getSecret('test-secret');
console.log('Fetched Secret:', fetchedSecret);
main().catch((error) => {
console.error('Error:', error);
});