Secrets and SecurityContext#
- class flytekit.Secret(group=None, key=None, group_version=None, mount_requirement=MountType.ANY)#
See cookbook:secrets for usage examples.
- Args:
group is the Name of the secret. For example in kubernetes secrets is the name of the secret key is optional and can be an individual secret identifier within the secret For k8s this is required version is the version of the secret. This is an optional field mount_requirement provides a hint to the system as to how the secret should be injected
- Parameters:
group (str | None)
key (str | None)
group_version (str | None)
mount_requirement (MountType)
- class MountType(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)#
- ANY = 0#
Use this if the secret can be injected as either an environment variable / file and this should be left for the platform to decide. This is the most flexible option
- ENV_VAR = 1#
Use this if the secret can be injected as an environment variable. Usually works for symmetric keys, passwords etc
- FILE = 2#
Use this for Secrets that cannot be injected into env-var or need to be available as a file Caution: May not be supported in all environments
- class flytekit.SecurityContext(run_as=None, secrets=None, tokens=None)#
This is a higher level wrapper object that for the most part users shouldn’t have to worry about. You should be able to just use
flytekit.Secret
instead.- Parameters:
run_as (Identity | None)
secrets (List[Secret] | None)
tokens (List[OAuth2TokenRequest] | None)